Penetration Testing mailing list archives

RE: troubles with wireless pentest


From: "Jerry Shenk" <jshenk () decommunications com>
Date: Thu, 24 Jun 2004 13:06:43 -0400

One 'gotcha' might be the slot that the key is in.  This seems to be
more of an issue with Cisco gear but some others also.  Try putting the
WEP key in all 4 key slots and trying each one as the active key.

-----Original Message-----
From: zcrips xrabbitz [mailto:zcrips_xrabbitz () hotmail com] 
Sent: Wednesday, June 23, 2004 4:57 AM
To: pen-test () securityfocus com
Cc: zcrips_xrabbitz () hotmail com
Subject: troubles with wireless pentest


hi everyone,
      i have been taking on my first large and blind wireless pentest and i
have nearly become lost in the jaws of a wireless network and would
appreciate any help. first i'll state what i have so far done and seen

the network was encrypted but with wep and large traffic so i was able to
bruteforce the key
The network in focus is quite large with multiple subnets and lots of 
"firewalls"

These I did.

Using kismet I sniffed a whole lot of packets. And decoded them with the
found wep key

Then using my conventional ettercap and ethereal I looked through the 
packets.
i sniffed a lot more with ettereal and looked through them for a similar mac
address but all packets
had a local (destination) ip and mac address

Now The Problem.

I tried to connect to the network

I used a nice ip to match one on the network
(8.5) i changed mac addresses to match the host i was spoofing.

then i tried to route packets to another client
which failed with the network unreachable error
i tried a traceroute to my target client but it failed too with the same
error

i used ettercap to passively watch traffic and came up with a comprehensive
list of ip/mac addresses and tried to spoof most of them but still my
packets didn't get routed
i tried using etterape to watch traffic flow and come up with a route but i
figure out that nearly all traffic was internal most hosts were connecting
to each other

HELP:
    HOW CAN I ROUTE PACKETS THROUGH TO OTHER CLIENTS OR BECOME A CLIENT
OR IS THERE A BETTER WAY I COULD DO THIS WHOLE PENTEST FROM THE BEGINNING
PLS ANY HELP WOULD BE APPRECIATED.


ZIPPERS CRIPS
