Rifts Posted October 6, 2008 Posted October 6, 2008 So after a lot of reading I finally cracked my first WEP key. So I guess my next question is what is next? Whats the point besides using the internet? Yeah there is my other computer on the network with a password so even if I try to go into My Network places> view work group computers I can not see anything since it asks for a user name/password. so whats the point? I cant even get the IP of my other computer what do you guys do Quote
DingleBerries Posted October 6, 2008 Posted October 6, 2008 Now you get Nmap or some other sec software and play around. Iron geek has a script to try and brute force windows passwords over a network, LINK. I started playing with damn vulnerable linux and i must say it is a challenged but it is worth it. There are other things as well. Say, hypothetically, you crack a department stores WEP. Now you have access to their intranet where many store documents are located. Quote
Rifts Posted October 7, 2008 Author Posted October 7, 2008 Now you get Nmap or some other sec software and play around. Iron geek has a script to try and brute force windows passwords over a network, LINK. I started playing with damn vulnerable linux and i must say it is a challenged but it is worth it. There are other things as well. Say, hypothetically, you crack a department stores WEP. Now you have access to their intranet where many store documents are located. i cant figure out how to get the local-name when using smbrute Quote
DingleBerries Posted October 7, 2008 Posted October 7, 2008 i cant figure out how to get the local-name when using smbrute Try cain and able.. I will have to research some tools for linux, but i know that others on this forum will have that information. Quote
Rifts Posted October 7, 2008 Author Posted October 7, 2008 Try cain and able.. I will have to research some tools for linux, but i know that others on this forum will have that information. edit im a moron C&A is for windows not linux Quote
dr_octagon Posted October 7, 2008 Posted October 7, 2008 edit im a moron C&A is for windows not linux look into nmap, its a network scanner. its very useful... you will see when you look into it after you look into nmap look into ettercap, and the metasploit framework hope that helps, sorry i didnt go into detail, im far too lazy right now, need coffee Quote
Rifts Posted October 7, 2008 Author Posted October 7, 2008 yah ettercap is pretty cool ive been messing with that, ill check out metasploit today =] Quote
dr_octagon Posted October 7, 2008 Posted October 7, 2008 yah ettercap is pretty cool ive been messing with that, ill check out metasploit today =] i recommend using the console end of metasploit instead of the GUI. and I also recommend learning how exploits work/what each exploits do as well. just to broaden knowledge rather than click type root hope you have a good learning experience! Quote
Rifts Posted October 8, 2008 Author Posted October 8, 2008 i recommend using the console end of metasploit instead of the GUI. and I also recommend learning how exploits work/what each exploits do as well. just to broaden knowledge rather than click type root hope you have a good learning experience! Thanks for the tips feel free to throw out any more tips im just trying to learn as much as i can Quote
shido Posted October 8, 2008 Posted October 8, 2008 ettercap etherape wireshark swscanner nmap metasploit john the ripper those are some tools to start with mess around with those Quote
dr_octagon Posted October 8, 2008 Posted October 8, 2008 Thanks for the tips feel free to throw out any more tips im just trying to learn as much as i can well okay, so you cracked your WEP. whats next? well ill tell you what i would do. if you're like me, you probably want more than just the internet. so i open up a command and type in ipconfig, if on windows, or ifconfig if on linux. there you will find the gateway, or router location, and the net mask) most of the time its 192.168.1.1 for the router and 255.255.255.0 for the net mask so i head on over and open up Firefox and type 192.168.1.1 in the URL here you find out if you have a password already set up with your router, if not it is usually, admin admin, or admin password, or in some instances I've seen it will prompt you to create one because you havent yet. thats the first thing I check. im putting this in pretending its someone elses network/router because i would never do anything illegal. okay so, its all passworded up, and if not you go and explore, find computer names, connections, etc. Next I would open up ettercap's GUI if on windows or linux (in linux type in ettercap -G -n 255.255.255.0 (or whatever the netmask is)) (same goes for windows if you use ettercaps prompt) then id do a MITM attack (ARP poisoning) and start sniffing the network traffic. Please read up on ettercap and how to perform such MITM attacks, and how to use it over all. Id then minimize it, and continue you on... (we will bring that back up later)... next (if on BACKTRACK 3) i would open up netdiscover, to see what active hosts there are. (if youre not on BT dont worry this is only if you are) next i would open up a terminal, or if on windows the nmap GUI (zenmap). id then enter (depending on what IP you were given) 192.168.1.1/24 to scan the network for active hosts. (if on linux id type nmap -sS -vv -O 192.168.1.1/24) you should now, after waiting have a list of active hosts nmap has performed scans on and which ports are open on those hosts, and what services they are. heres an example of what it should look like (or similar to): Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) Interesting ports on 192.168.1.3: PORT STATE SERVICE VERSION 21/tcp open ftp 25/tcp open smtp 80/tcp open http microsoft IE 445/tcp open microsoft-ds 1025/tcp open microsoft windows RPC great, now what does that tell us? that tells us what ports are open and what services they are... lets see port 80, 445, and 1025. Now with that information we can use metasploit to find exploits on those services. I would now, if on linux, or windows, use the MSF console. On windows, you can do this through the GUI by going to window, and then console, or just by pressing cntrl + o. Next id take a look at the exploits given to me, by typing "show exploits". I have noticed the target computer is running microsoft's internet explorer on port 80, so id try and find an exploit corresponding to IE. Upon searching the windows directory under MSF for exploits you will find tons of browser related exploits. I told you to read up on exploits, what they do and how they work so you should be able to choose the right corresponding one(s). Please read up on how to use metasploit to learn how to use exploits, and set payloads, customize payload options, etc. as that would be a whole different field to cover. Now with a little luck and perseverance you might get a shell! (cmd prompt) with admin privileges (root). Here on out you can put in backdoors, look around, take files, or even inject a vnc payload. Id then restore ettercap and see if I found any data "given" to me when it was running in the background. Well, I hope I didn't miss anything, or was wrong about anything, but that is usually what i personally do when im fooling around with my network. hope this gave you some sort of an idea what to do next, and sorry if any ignorance in my post was present. Quote
Rifts Posted October 9, 2008 Author Posted October 9, 2008 well okay, so you cracked your WEP. whats next? well ill tell you what i would do. if you're like me, you probably want more than just the internet. so i open up a command and type in ipconfig, if on windows, or ifconfig if on linux. there you will find the gateway, or router location, and the net mask) most of the time its 192.168.1.1 for the router and 255.255.255.0 for the net mask so i head on over and open up Firefox and type 192.168.1.1 in the URL here you find out if you have a password already set up with your router, if not it is usually, admin admin, or admin password, or in some instances I've seen it will prompt you to create one because you havent yet. thats the first thing I check. im putting this in pretending its someone elses network/router because i would never do anything illegal. okay so, its all passworded up, and if not you go and explore, find computer names, connections, etc. Next I would open up ettercap's GUI if on windows or linux (in linux type in ettercap -G -n 255.255.255.0 (or whatever the netmask is)) (same goes for windows if you use ettercaps prompt) then id do a MITM attack (ARP poisoning) and start sniffing the network traffic. Please read up on ettercap and how to perform such MITM attacks, and how to use it over all. Id then minimize it, and continue you on... (we will bring that back up later)... next (if on BACKTRACK 3) i would open up netdiscover, to see what active hosts there are. (if youre not on BT dont worry this is only if you are) next i would open up a terminal, or if on windows the nmap GUI (zenmap). id then enter (depending on what IP you were given) 192.168.1.1/24 to scan the network for active hosts. (if on linux id type nmap -sS -vv -O 192.168.1.1/24) you should now, after waiting have a list of active hosts nmap has performed scans on and which ports are open on those hosts, and what services they are. heres an example of what it should look like (or similar to): Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) Interesting ports on 192.168.1.3: PORT STATE SERVICE VERSION 21/tcp open ftp 25/tcp open smtp 80/tcp open http microsoft IE 445/tcp open microsoft-ds 1025/tcp open microsoft windows RPC great, now what does that tell us? that tells us what ports are open and what services they are... lets see port 80, 445, and 1025. Now with that information we can use metasploit to find exploits on those services. I would now, if on linux, or windows, use the MSF console. On windows, you can do this through the GUI by going to window, and then console, or just by pressing cntrl + o. Next id take a look at the exploits given to me, by typing "show exploits". I have noticed the target computer is running microsoft's internet explorer on port 80, so id try and find an exploit corresponding to IE. Upon searching the windows directory under MSF for exploits you will find tons of browser related exploits. I told you to read up on exploits, what they do and how they work so you should be able to choose the right corresponding one(s). Please read up on how to use metasploit to learn how to use exploits, and set payloads, customize payload options, etc. as that would be a whole different field to cover. Now with a little luck and perseverance you might get a shell! (cmd prompt) with admin privileges (root). Here on out you can put in backdoors, look around, take files, or even inject a vnc payload. Id then restore ettercap and see if I found any data "given" to me when it was running in the background. Well, I hope I didn't miss anything, or was wrong about anything, but that is usually what i personally do when im fooling around with my network. hope this gave you some sort of an idea what to do next, and sorry if any ignorance in my post was present. Hey thanks so much this helped a lot, im glad to see that I have been going in the right direction. I've messed around with ettercap and ARP poisoning its pretty cool, I have also tested out netdiscover I tried using metaspolit but it doesnt work cuz none of the attacked worked i guess everything i try is patched i dont really know but thanks again for the amazing post Quote
moonlit Posted October 9, 2008 Posted October 9, 2008 http://en.wikipedia.org/wiki/NeXT Oh wait... Quote
dr_octagon Posted October 9, 2008 Posted October 9, 2008 Hey thanks so much this helped a lot, im glad to see that I have been going in the right direction. I've messed around with ettercap and ARP poisoning its pretty cool, I have also tested out netdiscover I tried using metaspolit but it doesnt work cuz none of the attacked worked i guess everything i try is patched i dont really know but thanks again for the amazing post no problem Rifts, I tried. have fun Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.