Penetration Testing mailing list archives
Re: Lan access via wifi
From: "DokFLeed" <dokfleed () dokfleed net>
Date: Mon, 6 Jun 2005 18:02:09 +0400
Just a quick thought: if you can't hack any of the boxes, sniff them. Try winARP if you are on Windows; it will list all the clients logged in the network.
Check if you can poison them and sniff the data. On Linux you can try ettercap: poison them, DNS poison again, direct them to a page you control, make them download a keylogger (it's better to code your own logger so it won't get detected), finally 0wn the network :)
Or search for a domain controller and grab its Admin password. I am not sure if you are authorized to do so, but it's always fun to try. Is it a simple star network of workstations connected to a single wireless router?

Good luck,
DokFLeed

----- Original Message -----
From: "Sherwyn Williams" <sherwill22 () tmail com>
To: "Brian W Baker" <panadero () gmail com>
Cc: <pen-test () securityfocus com>
Sent: Monday, June 06, 2005 10:05 PM
Subject: Re: Lan access via wifi

The thing is that I did that already; I stated that in my first post. I did an nmap and noticed that all the internal hosts are filtered by some firewall. I have access to the wireless router and I opened up the internal hosts by pointing them to the DMZ side of the router. I did a nessus scan also and got no useful info. So that is why my next step was to try a UNC shared access by doing \\.\x:\ but that did not give me any useful info. That is why I emailed the list.

On Mon, 6 Jun 2005 13:37, Brian W Baker wrote:

Not that I'm against learning, as we've all been there, and learned from some of the best. What gets me is that you're on a "pentest"... enumeration should be your next step, nmap at least, then nessus, at least... once you get in the network via wireless, it would be the same as what I presume you've already done on the rest of the pentest (wired side). Are you working with someone else on this pentest? I'm not trying to be "ugly", I'm just saying what I'm sure a lot of the rest of the list didn't say...

Sherwyn Williams wrote:

Kidding with what, my question? What is this, the Professional corner of the list? OK professors, if you are tired of teaching you can go back to solving world peace, I totally get it. I should try www.google, right? Thanks a lot to everyone who did take time to answer my question.

On Mon, 6 Jun 2005 12:49, Brian W Baker wrote:

You're kiddin, right?

Sherwyn Williams wrote:

Scenario: Doing a pentest, the client has a wifi router that is not encrypted and is giving out DHCP addresses to any wifi client with a compatible card. Now my question is, once I received an IP address and pinged a few internal clients, what would be a good way for me to gain access to this internal network? I tried //ipaddress/ because there is no machine name in the DHCP routing table.
Could not connect that way. I even tried to open up certain ports by putting the machine on the router DMZ and did a scan with the security features disabled, but still there are no open ports. Thanks in advance.

Sherwyn Williams
Technical Consultant
(917) 650-5139
Sherwill22 () tmail com