
Nmap Local Coffee Shop Proxies?


Encrypto

Recommended Posts

So, I'm in this coffee shop. It connects to the AP, then gives a page asking for your acceptance of their terms, then forwards you to another webpage, maybe the coffee shop's website, and then you have full access to use the internet.

My question is: knowing that others are using the same AP, when I scan the network gateway with nmap, none of the other IP addresses show up except mine and the AP's. So what am I doing wrong, or what is the host AP doing to block all other IP addresses? Here is the website info from the browser (edited a little); can anyone see from this what is going on in the nmap output I mentioned? I have tried 'nmap -sV -A 192.168.5.1/24' and 'nmap -sV -A 192.168.5.1-254' as well, yet no other IP addresses show up. The gateway is 192.168.5.1, so is this gateway connected to a 10.10.10.1 net? I have not run 'nmap 192.168.5.1/24 10.0.0.0/8' yet. So, the question is: why in the nmap report are the other IP addresses not showing up?

fakewebsite.com/att_cp.adp?ProxyHost=&UserAgent=Mozilla%2f5.0+(X11%3b+Linux+i686+on+x86_64%3b+rv%3a7.0.1)+Gecko%2f20100101+Firefox%2f7.0.1&TunnelIfId=349326&NmdId=25798&ReturnHost=nmd.sbx10347.sanfrca.wayport.net&MacAddr=00%3a06%3aAD%3aDB%3aE0%3a98&IpAddr=192.168.5.137&NduMacAddr=00%3a1D%3a70%3a8A%3aDD%3a64&NduPort=4&PortType=Wireless&PortDesc=attwifi%3a%3aAP1&UseCount=1&PaymentMethod=Passthrough&ChargeAmount=0.00&Style=ATT&vsgpId=289968e2-3e17-11dd-9869-0090fb1a3f56&pVersion=2&ValidationHash=cbaafba108c37f2ece7a337b3a57e88d&origDest=&ProxyHost=&vsgId=97616&ts=1325905702
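The redirect URL quoted above carries more than it looks like. As an added example (not part of the original post or the portal vendor's code), the script below decodes the query string with the standard library and pulls out the fields that identify the client and the access point. The meaning of each field name is inferred from its value; the vendor's documentation is not on the page, so treat those labels as assumptions.

```python
"""Decode the captive-portal redirect URL from the first post.

Added example, not code from the thread. It shows what the portal passes in
the clear: the client's own IP and MAC, the AP's MAC, port and name, and a
timestamp. Field meanings are inferred from the values (assumption).
"""
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
from urllib.parse import parse_qs, urlsplit

# The redirect URL exactly as quoted in the post (hostname already edited by the poster).
PORTAL_URL = (
    "fakewebsite.com/att_cp.adp?ProxyHost=&UserAgent=Mozilla%2f5.0+(X11%3b+Linux+i686+on+x86_64%3b+rv%3a7.0.1)"
    "+Gecko%2f20100101+Firefox%2f7.0.1&TunnelIfId=349326&NmdId=25798"
    "&ReturnHost=nmd.sbx10347.sanfrca.wayport.net&MacAddr=00%3a06%3aAD%3aDB%3aE0%3a98"
    "&IpAddr=192.168.5.137&NduMacAddr=00%3a1D%3a70%3a8A%3aDD%3a64&NduPort=4"
    "&PortType=Wireless&PortDesc=attwifi%3a%3aAP1&UseCount=1&PaymentMethod=Passthrough"
    "&ChargeAmount=0.00&Style=ATT&vsgpId=289968e2-3e17-11dd-9869-0090fb1a3f56&pVersion=2"
    "&ValidationHash=cbaafba108c37f2ece7a337b3a57e88d&origDest=&ProxyHost=&vsgId=97616&ts=1325905702"
)

# Fields that identify the client or the AP. Labels are assumptions drawn from the values:
# IpAddr/MacAddr look like the client, NduMacAddr/NduPort/PortDesc like the AP it sits on.
IDENTITY_FIELDS = ("IpAddr", "MacAddr", "NduMacAddr", "NduPort", "PortType", "PortDesc", "ReturnHost")


def decode_portal_params(url: str) -> dict:
    """Return the query parameters with percent-encoding and '+' undone.

    keep_blank_values=True keeps empty fields such as ProxyHost=; when a key
    repeats (ProxyHost appears twice) the last value wins.
    """
    query = urlsplit(url).query
    return {key: values[-1] for key, values in parse_qs(query, keep_blank_values=True).items()}


def client_identity(params: dict) -> dict:
    """Just the fields that tie the redirect to one client and one AP."""
    return {key: params[key] for key in IDENTITY_FIELDS if key in params}


def in_scanned_range(params: dict, network: str = "192.168.5.0/24") -> bool:
    """True if the client's own address falls inside the range the poster scanned."""
    return ip_address(params["IpAddr"]) in ip_network(network)


def portal_timestamp(params: dict) -> datetime:
    """The ts field read as a Unix epoch (assumption: seconds, UTC)."""
    return datetime.fromtimestamp(int(params["ts"]), tz=timezone.utc)


if __name__ == "__main__":
    params = decode_portal_params(PORTAL_URL)
    for key, value in client_identity(params).items():
        print(f"{key:12} {value}")
    print("browser     ", params["UserAgent"])
    print("in scan range", in_scanned_range(params))
    print("redirected at", portal_timestamp(params).isoformat())
```

Run as-is and it prints the client address 192.168.5.137 (inside the /24 that was scanned), both MAC addresses, the AP label attwifi::AP1 and the decoded browser string. The practical point for a defender is that a portal redirect of this shape exposes the client's MAC and the AP's identity to anything that can read the URL, including browser history and any proxy in the path.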


If your goal is to find your path out to the uplink, you can just use traceroute, or "" as some next gen hax0rs say.

Is the AP kicking you over to the 10.10.10.x net after you 'authenticate'?

I would pull an IP, nmap the subnet before authenticating. Then authenticate, check your IP address, and nmap the new subnet if your IP has changed. Then do a battle roll, shop da whops, and under 9000.


If you can only see yourself and the access point, I'd say the AP must have some kind of isolation protocol activated.

If you have an Alfa wireless card, try using airmon-ng to determine if there is any client authenticated to the AP.


Nmap shouldn't work, as Infiltrator mentioned: AP isolation is common in coffee shops and public spots. Usually with AP isolation, if you spoof your MAC to that of the AP it will DoS the network.

Most Cisco routers have this enabled.

I haven't messed with wifi in a while, but I still think there's ways to use traditional methods w/AP isolation, just in different ways.

You can't let ap isolation get you down, I know how you feel, just have to use other methods!
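The two replies above describe the setting from the client's side. From the operator's side it is a single line in the AP configuration; the script below is an added example (not code from the thread or from any AP vendor) that audits a hostapd.conf for it. hostapd's option is really called ap_isolate (1 stops associated stations from exchanging frames through the AP); the two sample configs are constructed for the demonstration, and the second finding about wpa is included because the network in the thread is an open captive-portal one.

```python
"""Audit a hostapd.conf for client (AP) isolation and open-network operation.

Added example, not code from the thread. hostapd's ap_isolate=1 is the
real option behind what the thread calls AP/client isolation; wpa=0 (or
unset) is an open network. Both sample configs below are constructed.
"""

FINDING_NO_ISOLATION = "ap_isolate is not 1: associated clients can reach each other at layer 2"
FINDING_OPEN_NETWORK = "wpa is unset or 0: open network, client traffic to the AP is unencrypted"

# Constructed sample: a typical open guest network with the default (no) isolation.
WEAK_CONF = """\
interface=wlan0
driver=nl80211
ssid=coffee-shop-guest
hw_mode=g
channel=6
# no ap_isolate line: hostapd defaults to 0, so clients can ARP and scan one another
"""

# Constructed sample: the same network with isolation switched on.
HARDENED_CONF = WEAK_CONF + "ap_isolate=1\n"


def parse_hostapd_conf(text: str) -> dict:
    """Return key -> value for a hostapd.conf, skipping blank and comment lines.

    The checker keeps the last occurrence of a repeated key.
    """
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf


def isolation_enabled(text: str) -> bool:
    """True when the config sets ap_isolate=1."""
    return parse_hostapd_conf(text).get("ap_isolate", "0") == "1"


def audit(text: str) -> list:
    """Return the list of findings; an empty list means both checks pass."""
    conf = parse_hostapd_conf(text)
    findings = []
    if conf.get("ap_isolate", "0") != "1":
        findings.append(FINDING_NO_ISOLATION)
    if conf.get("wpa", "0") == "0":
        findings.append(FINDING_OPEN_NETWORK)
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{name}: isolation={'on' if isolation_enabled(conf) else 'off'}")
        for finding in audit(conf):
            print("  -", finding)
```

The weak config produces both findings; the hardened one still reports the open-network finding, which matches the thread: isolation stops clients from seeing each other through the AP, but it does nothing for the client-to-AP link on an open network, so the captive portal redirect shown in the first post still travels unencrypted.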


Assuming you already have the WPA key, maybe if you run a continuous deauth attack on a client, then spoof your MAC to that client's addy and try to reconnect to the router (without using DHCP; set your information manually to the DHCP lease info the former client used), maybe you could get free internet.


I know I have been blocked on AP Isolation/Client Isolation/Layer-2 WAPs when trying to MITM or DNS spoof. The ARP replies go dead in arpspoof and ettercap. I wondered for a while what was blocking my signals to my cell phone. I spoofed my MAC and it DoS'd the coffee shop for a bit, so this sounds exactly like what I was running into.

Any recommendations on fun that can be had on a Client Isolated network interacting with the other clients? And I'm staying out of the router unless that is the last option. I don't have AP Isolation on my home router, so I don't really have a test bed and pivoting off somebody else's router seems like a good way to be a tattooed gorilla's unwilling girlfriend for a couple months.


I have found this thread at the BackTrack forums. You might want to give this a shot and see if you have much luck.

http://www.backtrack-linux.org/forums/beginners-forum/32657-possible-bypass-client-isolation-wifitap.html
