well okay, so you cracked your WEP. whats next? well ill tell you what i would do.
if you're like me, you probably want more than just the internet.
so i open up a command and type in ipconfig, if on windows,
or ifconfig if on linux. there you will find the gateway, or router location, and the net mask)
most of the time its 192.168.1.1 for the router and 255.255.255.0 for the net mask
so i head on over and open up Firefox and type 192.168.1.1 in the URL
here you find out if you have a password already set up with your router, if not it is usually, admin admin, or admin password, or in some instances I've seen it will prompt you to create one because you havent yet.
thats the first thing I check. im putting this in pretending its someone elses network/router because i would never do anything illegal. okay so, its all passworded up, and if not you go and explore, find computer names, connections, etc.
Next I would open up ettercap's GUI if on windows or linux
(in linux type in ettercap -G -n 255.255.255.0 (or whatever the netmask is)) (same goes for windows if you use ettercaps prompt) then id do a MITM attack (ARP poisoning) and start sniffing the network traffic. Please read up on ettercap and how to perform such MITM attacks, and how to use it over all. Id then minimize it, and continue you on... (we will bring that back up later)...
next (if on BACKTRACK 3) i would open up netdiscover, to see what active hosts there are. (if youre not on BT dont worry this is only if you are)
next i would open up a terminal, or if on windows the nmap GUI (zenmap).
id then enter (depending on what IP you were given) 192.168.1.1/24 to scan the network for active hosts.
(if on linux id type nmap -sS -vv -O 192.168.1.1/24)
you should now, after waiting have a list of active hosts nmap has performed scans on and which ports are open on those hosts, and what services they are.
heres an example of what it should look like (or similar to):
Starting Nmap 4.01 ( http://www.insecure.org/nmap/ )
Interesting ports on 192.168.1.3:
PORT STATE SERVICE VERSION
21/tcp open ftp
25/tcp open smtp
80/tcp open http microsoft IE
445/tcp open microsoft-ds
1025/tcp open microsoft windows RPC
great, now what does that tell us? that tells us what ports are open and what services they are... lets see port 80, 445, and 1025. Now with that information we can use metasploit to find exploits on those services.
I would now, if on linux, or windows, use the MSF console. On windows, you can do this through the GUI by going to window, and then console, or just by pressing cntrl + o. Next id take a look at the exploits given to me, by typing "show exploits". I have noticed the target computer is running microsoft's internet explorer on port 80, so id try and find an exploit corresponding to IE. Upon searching the windows directory under MSF for exploits you will find tons of browser related exploits. I told you to read up on exploits, what they do and how they work so you should be able to choose the right corresponding one(s). Please read up on how to use metasploit to learn how to use exploits, and set payloads, customize payload options, etc. as that would be a whole different field to cover.
Now with a little luck and perseverance you might get a shell! (cmd prompt) with admin privileges (root). Here on out you can put in backdoors, look around, take files, or even inject a vnc payload. Id then restore ettercap and see if I found any data "given" to me when it was running in the background.
Well, I hope I didn't miss anything, or was wrong about anything, but that is usually what i personally do when im fooling around with my network. hope this gave you some sort of an idea what to do next, and sorry if any ignorance in my post was present.
