Penetration Testing mailing list archives
RE: Pentesting Network Share Access via wireless
From: "Chris Serafin" <chris () chrisserafin com>
Date: Sun, 1 Jan 2006 15:27:07 -0600
Well if you ON the network, there are MANY ways to start cracking into boxes. Here's just one: Sniff traffic on the wireless collision domain [or arp spoof to get all traffic] find a IM program talking to other clients or IM servers [yahoo, aim, msn, irc] and send them a link with the WMF exploit. Like I said , this is only one way, and is a blended threat due to the human interaction involved [social engineering] Chris Serafin IT Security / Voice Engineer Chris () chrisserafin com -----Original Message----- From: sherwyn williams [mailto:s-williams () nyc rr com] Sent: Friday, December 30, 2005 8:41 PM To: pen-test () securityfocus com Subject: Pentesting Network Share Access via wireless Hi All, While doing a pen-test on a wireless network, I noticed that the router was not configured properly, and was giving out IP addresses to everyone. Now after noticing all the host pc's on the network with nmap -sP, my question is if I don't know the passwords for any of the host what is the best way to do a dictionary attempt on the guest, or administrator accounts. All the internal host are windows XP. Thanks in advance, all help is welcomed. ---------------------------------------------------------------------------- -- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ---------------------------------------------------------------------------- --- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- RE: Pentesting Network Share Access via wireless Inspiration (Jan 01)
- Re: Pentesting Network Share Access via wireless Dean De Beer (Jan 01)
- Re: Pentesting Network Share Access via wireless Thor (Hammer of God) (Jan 01)
- Re: Pentesting Network Share Access via wireless pagvac (Jan 05)
- Re: Pentesting Network Share Access via wireless pagvac (Jan 04)
- RE: Pentesting Network Share Access via wireless sherwyn williams (Jan 04)
- Re: Pentesting Network Share Access via wireless Thor (Hammer of God) (Jan 01)
- Re: Pentesting Network Share Access via wireless Dean De Beer (Jan 01)
- <Possible follow-ups>
- RE: Pentesting Network Share Access via wireless Chris Serafin (Jan 01)