Penetration Testing mailing list archives
RE: troubles with wireless pentest
From: "Jerry Shenk" <jshenk () decommunications com>
Date: Thu, 24 Jun 2004 13:06:43 -0400
One 'gotcha' might be the slot that the key is in. This seems to be more of an issue with Cisco gear but some others also. Try putting the WEP key in all 4 key slots and trying each one as the active key.

-----Original Message-----
From: zcrips xrabbitz [mailto:zcrips_xrabbitz () hotmail com]
Sent: Wednesday, June 23, 2004 4:57 AM
To: pen-test () securityfocus com
Cc: zcrips_xrabbitz () hotmail com
Subject: troubles with wireless pentest

Hi everyone,

I have been taking on my first large and blind wireless pentest and I have nearly become lost in the jaws of a wireless network and would appreciate any help.

First I'll state what I have so far done and seen. The network was encrypted but with WEP and large traffic, so I was able to bruteforce the key. The network in focus is quite large with multiple subnets and lots of "firewalls".

These I did. Using kismet I sniffed a whole lot of packets and decoded them with the found WEP key. Then using my conventional ettercap and ethereal I looked through the packets. I sniffed a lot more with ettereal and looked through them for a similar MAC address, but all packets had a local (destination) IP and MAC address.

Now the problem. I tried to connect to the network. I used a nice IP to match one on the network (8.5). I changed MAC addresses to match the host I was spoofing. Then I tried to route packets to another client, which failed with the network unreachable error. I tried a traceroute to my target client but it failed too with the same error. I used ettercap to passively watch traffic and came up with a comprehensive list of IP/MAC addresses and tried to spoof most of them, but still my packets didn't get routed. I tried using etherape to watch traffic flow and come up with a route, but I figured out that nearly all traffic was internal; most hosts were connecting to each other.

HELP: HOW CAN I ROUTE PACKETS THROUGH TO OTHER CLIENTS OR BECOME A CLIENT, OR IS THERE A BETTER WAY I COULD DO THIS WHOLE PENTEST FROM THE BEGINNING? PLS, ANY HELP WOULD BE APPRECIATED.

ZIPPERS CRIPS
Current thread:
- troubles with wireless pentest zcrips xrabbitz (Jun 23)
- Re: troubles with wireless pentest Jason Ostrom (Jun 24)
- Re: troubles with wireless pentest pingywon MCSE (Jun 24)
- RE: troubles with wireless pentest Jerry Shenk (Jun 24)
- Re: troubles with wireless pentest Max (Jun 25)
- Re: troubles with wireless pentest Max (Jun 27)
- <Possible follow-ups>
- Re: troubles with wireless pentest terrydunlap () netzero com (Jun 24)