Re: Mapping a network

[Zack Payton <zpayton () gmail com>]

DNS cache poisoning or wpad attacks

Sent from my iPhone

On Sep 22, 2009, at 4:04 PM, Lee <ler762 () gmail com> wrote:

> On 9/22/09, Zack Payton <zpayton () gmail com> wrote:
> > Forget about scapy or the cisco perl scripts.  Use dynamips and get
> > your own virtual router running on their network.
> > But if passive interface is enabled, you're pretty screwed attempting
> > route injection from that vantage point in the network.
>
> Which is what I thought, but I was wondering if I was missing  
> something..
>
> > I would probably resort to arp spoofing to client side browser pwnage
> > and trying to escalate that way.
>
> DHCP snooping is enabled, so that seems to kill any arp spoofing  
> tricks.
> Trunking is disabled on all the switch ports, so that seems to kill
> any vlan hopping tricks.
>
> ... maybe if I offer someone a chocolate bar for their password :)
>
> Thanks,
> Lee

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------