Penetration Testing mailing list archives
Re: troubles with wireless pentest
From: Jason Ostrom <justiceguy () pobox com>
Date: Thu, 24 Jun 2004 08:56:21 -0500
So I'm assuming you were able to decipher the ASCII/Hex 5 or 13-byte WEP key using tools based on the FMS attack. And you said below that you try to connect to the network but can't bridge / route through the AP - but I didn't see you mention that you used the WEP key to connect to the network. Even with the spoofing in place, you won't be able to communicate to the AP unless you use the WEP key properly.

I'm assuming that you were able to determine the WEP key on a network using static WEP. Because if the network is using rotating WEP keys with 802.1x, your problem is complicated. It may seem obvious, but I didn't see you mention this about using the WEP key.

When you try to route through the AP, what kind of a response do you see from the AP?

Jason

zcrips xrabbitz> hi everyone,
zcrips xrabbitz> i have been taking on my
zcrips xrabbitz> first large and blind wireless pentest and i
zcrips xrabbitz> have nearly become lost in the jaws
zcrips xrabbitz> of a wireless network and would
zcrips xrabbitz> appreciate any help. first i'll
zcrips xrabbitz> state what i have so far done and seen
zcrips xrabbitz> the network was encrypted but with
zcrips xrabbitz> wep and large traffic so i was able to
zcrips xrabbitz> bruteforce the key
zcrips xrabbitz> The network in focus is quite large
zcrips xrabbitz> with multiple subnets and lots of
zcrips xrabbitz> “firewalls”
zcrips xrabbitz> These I did.
zcrips xrabbitz> Using kismet I sniffed a whole lot
zcrips xrabbitz> of packets. And decoded them with the
zcrips xrabbitz> found wep key
zcrips xrabbitz> Then using my conventional ettercap
zcrips xrabbitz> and ethereal I looked through the
zcrips xrabbitz> packets.
zcrips xrabbitz> i sniffed a lot more with ettereal
zcrips xrabbitz> and looked through them for a similar mac
zcrips xrabbitz> address but all packets
zcrips xrabbitz> had i local (destination) ip and mac address
zcrips xrabbitz> Now The Problem.
zcrips xrabbitz> I tried to connect to the network
zcrips xrabbitz> I used a nice ip to match one on the network
zcrips xrabbitz> (8.5) i changed mac addresses to
zcrips xrabbitz> match the host i was spoofing.
zcrips xrabbitz> then i tried to route packets to another client
zcrips xrabbitz> which failed with the network unreachable error
zcrips xrabbitz> i tried a traceroute to my target
zcrips xrabbitz> client but it failed too with the same
zcrips xrabbitz> error
zcrips xrabbitz> i used ettercap to passively watch
zcrips xrabbitz> traffic and came up with a comprehensive
zcrips xrabbitz> list of ip/mac addresses and tried
zcrips xrabbitz> to spoof most of them but still my
zcrips xrabbitz> packets didn't get routed
zcrips xrabbitz> i tried using etterape to watch
zcrips xrabbitz> traffic flow and come up with a route but i
zcrips xrabbitz> figure out that nearly all traffic
zcrips xrabbitz> was internal most hosts were connecting
zcrips xrabbitz> to each other
zcrips xrabbitz> HELP:
zcrips xrabbitz> HOW CAN I ROUTE PACKETS THROUGH
zcrips xrabbitz> TO OTHER CLIENTS OR BECOME A CLIENT
zcrips xrabbitz> OR IS THERE A BETTER WAY I COULD DO
zcrips xrabbitz> THIS WHOLE PENTEST FROM THE BEGINNING
zcrips xrabbitz> PLS ANY HELP WOULD BE APPRECIATED.
zcrips xrabbitz> ZIPPERS CRIPS