
What's Next?


Rifts


So after a lot of reading I finally cracked my first WEP key. So I guess my next question is: what is next? What's the point besides using the internet? Yeah, there is my other computer on the network with a password, so even if I try to go into My Network Places > View Workgroup Computers I can't see anything, since it asks for a username/password.

So what's the point? I can't even get the IP of my other computer.

What do you guys do?


Now you get Nmap or some other security software and play around. Irongeek has a script to try and brute-force Windows passwords over a network, LINK. I started playing with Damn Vulnerable Linux and I must say it is a challenge, but it is worth it.

There are other things as well. Say, hypothetically, you crack a department store's WEP. Now you have access to their intranet, where many store documents are located.

allyourbase.jpg


I can't figure out how to get the local-name when using smbrute.


Edit: I'm a moron, C&A is for Windows, not Linux.

Look into Nmap, it's a network scanner. It's very useful... you will see when you look into it.

After you look into Nmap, look into ettercap and the Metasploit Framework.

Hope that helps. Sorry I didn't go into detail, I'm far too lazy right now, need coffee.


Yah, ettercap is pretty cool, I've been messing with that. I'll check out Metasploit today =]

I recommend using the console end of Metasploit instead of the GUI, and I also recommend learning how exploits work / what each exploit does as well, just to broaden knowledge rather than

click, type, root.

Hope you have a good learning experience!


Thanks for the tips. Feel free to throw out any more tips, I'm just trying to learn as much as I can.


Well okay, so you cracked your WEP. What's next? Well, I'll tell you what I would do.

If you're like me, you probably want more than just the internet.

So I open up a command prompt and type in ipconfig if on Windows,

or ifconfig if on Linux. There you will find the gateway (or router location) and the netmask.

Most of the time it's 192.168.1.1 for the router and 255.255.255.0 for the netmask.

So I head on over and open up Firefox and type 192.168.1.1 in the URL bar.

Here you find out if you have a password already set up with your router; if not, it is usually admin/admin or admin/password, or in some instances I've seen it will prompt you to create one because you haven't yet.

That's the first thing I check. I'm putting this in pretending it's someone else's network/router because I would never do anything illegal. Okay so, it's all passworded up, and if not you go and explore, find computer names, connections, etc.

Next I would open up ettercap's GUI, if on Windows or Linux

(in Linux type in ettercap -G -n 255.255.255.0 (or whatever the netmask is); same goes for Windows if you use ettercap's prompt). Then I'd do a MITM attack (ARP poisoning) and start sniffing the network traffic. Please read up on ettercap and how to perform such MITM attacks, and how to use it overall. I'd then minimize it and continue on... (we will bring that back up later)...

Next (if on BackTrack 3) I would open up netdiscover to see what active hosts there are (if you're not on BT don't worry, this is only if you are).

Next I would open up a terminal, or if on Windows the Nmap GUI (Zenmap).

I'd then enter (depending on what IP you were given) 192.168.1.1/24 to scan the network for active hosts.

(If on Linux I'd type nmap -sS -vv -O 192.168.1.1/24.)

You should now, after waiting, have a list of active hosts Nmap has performed scans on, which ports are open on those hosts, and what services they are.

Here's an example of what it should look like (or similar to):

Starting Nmap 4.01 ( http://www.insecure.org/nmap/ )
Interesting ports on 192.168.1.3:
PORT      STATE   SERVICE         VERSION
21/tcp    open    ftp
25/tcp    open    smtp
80/tcp    open    http            microsoft IE
445/tcp   open    microsoft-ds
1025/tcp  open    microsoft windows RPC

Great, now what does that tell us? That tells us what ports are open and what services they are... let's see: ports 80, 445, and 1025. Now with that information we can use Metasploit to find exploits for those services.

I would now, if on Linux or Windows, use the MSF console. On Windows, you can do this through the GUI by going to Window and then Console, or just by pressing Ctrl+O. Next I'd take a look at the exploits given to me by typing "show exploits". I have noticed the target computer is running Microsoft's Internet Explorer on port 80, so I'd try and find an exploit corresponding to IE. Upon searching the windows directory under MSF for exploits you will find tons of browser-related exploits. I told you to read up on exploits, what they do and how they work, so you should be able to choose the right corresponding one(s). Please read up on how to use Metasploit to learn how to use exploits, set payloads, customize payload options, etc., as that would be a whole different field to cover.

Now with a little luck and perseverance you might get a shell (cmd prompt) with admin privileges (root). From here on out you can put in backdoors, look around, take files, or even inject a VNC payload. I'd then restore ettercap and see if I found any data "given" to me while it was running in the background.

Well, I hope I didn't miss anything or wasn't wrong about anything, but that is usually what I personally do when I'm fooling around with my network. Hope this gave you some sort of an idea of what to do next, and sorry if any ignorance in my post was present.
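The scan output quoted in the post above is exactly what a network owner should be reading about their own hosts: every "open" line is a service reachable from the wireless segment, and SMB (445), Windows RPC (1025) and clear-text FTP (21) are the ones that most often have no business being exposed to whoever joins the WLAN. The following is an added example (not code from the post or from Nmap) that parses that text format into a per-host inventory and reports services that an owner would normally want firewalled or moved off the shared segment. The scan text and the RISKY table are constructed for the example; the generalization to several hosts and to an allow-list of known-acceptable exposures goes beyond the single host shown in the post.

```python
import re

# Constructed sample modelled on the output quoted above; not real scan data.
SAMPLE_SCAN = """\
Starting Nmap 4.01 ( http://www.insecure.org/nmap/ )
Interesting ports on 192.168.1.3:
PORT     STATE SERVICE      VERSION
21/tcp   open  ftp
25/tcp   open  smtp
80/tcp   open  http         microsoft IE
445/tcp  open  microsoft-ds
1025/tcp open  msrpc        microsoft windows RPC
Interesting ports on 192.168.1.5:
PORT     STATE SERVICE      VERSION
22/tcp   open  ssh          OpenSSH 4.7
80/tcp   open  http         Apache httpd
"""

HOST_RE = re.compile(r"^Interesting ports on (\S+):")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

# Services that should normally not be reachable from a shared wireless segment,
# with the defensive action a network owner would take (constructed table).
RISKY = {
    21: "FTP carries credentials in clear text; disable or replace with SFTP/FTPS",
    139: "NetBIOS session service exposed; block at the host firewall",
    445: "SMB reachable from the WLAN; restrict with host firewall or a separate VLAN",
    1025: "Windows RPC endpoint reachable; block dynamic RPC ports from the WLAN",
}


def parse_nmap(text):
    """Turn Nmap's classic text output into {host: [port records]}."""
    hosts = {}
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            hosts[current] = []
            continue
        m = PORT_RE.match(line.strip())
        if m and current is not None:
            port, proto, state, service, version = m.groups()
            hosts[current].append({
                "port": int(port), "proto": proto, "state": state,
                "service": service, "version": (version or "").strip(),
            })
    return hosts


def find_exposures(hosts, allowed=frozenset()):
    """Return (host, port, service, advice) for open risky ports not on the allow-list."""
    findings = []
    for host, ports in hosts.items():
        for p in ports:
            if p["state"] != "open" or (host, p["port"]) in allowed:
                continue
            if p["port"] in RISKY:
                findings.append((host, p["port"], p["service"], RISKY[p["port"]]))
    return findings


if __name__ == "__main__":
    inventory = parse_nmap(SAMPLE_SCAN)
    for host, port, service, advice in find_exposures(inventory):
        print(f"{host}:{port} ({service}) - {advice}")
```

Run against the constructed sample it reports 192.168.1.3 ports 21, 445 and 1025 and nothing for 192.168.1.5; passing `allowed={("192.168.1.3", 21)}` suppresses a known, accepted exposure so the report only shows what still needs attention.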


Hey, thanks so much, this helped a lot. I'm glad to see that I have been going in the right direction. I've messed around with ettercap and ARP poisoning, it's pretty cool. I have also tested out netdiscover.

I tried using Metasploit but it doesn't work, because none of the attacks worked. I guess everything I try is patched.

I don't really know.

But thanks again for the amazing post.
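The ARP poisoning the two posts above talk about is also the easiest part of this to detect from the victim's side: a poisoned host sees the gateway IP suddenly answered by a different MAC, and one MAC claiming several IPs. The following is an added example (not code from the thread or from ettercap) that runs that check over a list of observed ARP replies and raises alerts on both conditions; on a real host the observations would come from a packet capture or periodic reads of the ARP table, which is left out so the block runs offline. The replies, MAC addresses and IPs are constructed, and the optional `trusted` table of static gateway bindings is an assumption of the example.

```python
from collections import defaultdict

# Constructed ARP reply observations as (time, sender IP, sender MAC); not captured data.
OBSERVED_ARP = [
    (0.0, "192.168.1.1", "00:11:22:33:44:55"),  # gateway's real MAC (constructed)
    (1.0, "192.168.1.3", "aa:bb:cc:dd:ee:01"),
    (2.0, "192.168.1.1", "00:11:22:33:44:55"),
    (3.5, "192.168.1.1", "AA:BB:CC:DD:EE:09"),  # another station now claims the gateway IP
    (3.6, "192.168.1.1", "aa:bb:cc:dd:ee:09"),
    (4.0, "192.168.1.5", "aa:bb:cc:dd:ee:09"),  # same MAC also claims a second host
]


def detect_arp_conflicts(observations, trusted=None):
    """Alert when an IP's MAC binding changes or one MAC claims several IPs.

    trusted: optional {ip: mac} of static bindings (e.g. the gateway). A trusted
    binding is never overwritten, so every reply contradicting it is reported.
    """
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    ip_to_mac = dict(trusted)
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in observations:
        mac = mac.lower()  # normalise case so aa:bb and AA:BB compare equal
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append({"time": ts, "type": "mac_change",
                           "ip": ip, "old": prev, "new": mac})
        if ip not in trusted:
            ip_to_mac[ip] = mac  # learn the latest binding for untrusted IPs
        before = len(mac_to_ips[mac])
        mac_to_ips[mac].add(ip)
        # Report only when the set of IPs grows, so each new claim alerts once.
        if len(mac_to_ips[mac]) > 1 and len(mac_to_ips[mac]) > before:
            alerts.append({"time": ts, "type": "mac_claims_multiple_ips",
                           "mac": mac, "ips": sorted(mac_to_ips[mac])})
    return alerts


if __name__ == "__main__":
    for a in detect_arp_conflicts(OBSERVED_ARP, trusted={"192.168.1.1": "00:11:22:33:44:55"}):
        print(a)
```

Without a trusted table the function learns the new binding after the first change and reports it once; with the gateway pinned it reports every contradicting reply, which is the behaviour a host-based monitor wants. The mitigations that remove the problem rather than just flag it are the usual ones: static ARP entries or dynamic ARP inspection for the gateway, client isolation on the access point, and replacing WEP with WPA2 so joining the segment requires the real key in the first place.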


No problem Rifts, I tried. Have fun.
