Encrypto Posted January 7, 2012
So, I'm in this coffee shop. It connects to the AP, then gives a page asking for your acceptance of their terms, then they forward you to another webpage, maybe the coffee shop's website, then you have full access to use the internet. My question is, knowing that others are using the same AP, yet when I scan the network gateway with nmap, none of the other IP addresses show up except mine and the AP's. So what am I doing wrong, or what is the host AP doing to block all other IP addresses? Here is the website info from the browser (edited a little). Can anyone see from this what is going on in the nmap output I mentioned? I have tried 'nmap -sV -A 192.168.5.1/24' and 'nmap -sV -A 192.168.5.1-254' also, yet no other IP addresses show up. The gateway is 192.168.5.1, so is this gateway connected to a 10.10.10.1 net? I have not run 'nmap 192.168.5.1/24 10.0.0.0/8' yet. So, the question is: why in the nmap report are the other IP addresses not showing up?
fakewebsite.com/att_cp.adp?ProxyHost=&UserAgent=Mozilla%2f5.0+(X11%3b+Linux+i686+on+x86_64%3b+rv%3a7.0.1)+Gecko%2f20100101+Firefox%2f7.0.1&TunnelIfId=349326&NmdId=25798&ReturnHost=nmd.sbx10347.sanfrca.wayport.net&MacAddr=00%3a06%3aAD%3aDB%3aE0%3a98&IpAddr=192.168.5.137&NduMacAddr=00%3a1D%3a70%3a8A%3aDD%3a64&NduPort=4&PortType=Wireless&PortDesc=attwifi%3a%3aAP1&UseCount=1&PaymentMethod=Passthrough&ChargeAmount=0.00&Style=ATT&vsgpId=289968e2-3e17-11dd-9869-0090fb1a3f56&pVersion=2&ValidationHash=cbaafba108c37f2ece7a337b3a57e88d&origDest=&ProxyHost=&vsgId=97616&ts=1325905702
int0x80 Posted January 7, 2012
If your goal is to find your path out to the uplink, you can just use traceroute, or " " as some next gen hax0rs say. Is the AP kicking you over to the 10.10.10.x net after you 'authenticate'? I would pull an IP, nmap the subnet before authenticating. Then authenticate, check your IP address, and nmap the new subnet if your IP has changed. Then do a battle roll, shop da whops, and under 9000.
nix-7 Posted January 7, 2012
Quoting int0x80: "If your goal is to find your path out to the uplink, you can just use traceroute, or " " as some next gen hax0rs say."
First time I've seen that vid. Absolute quality, cheers int0x80.
Infiltrator Posted January 7, 2012
If you can only see yourself and the access point, I'd say the AP must have some kind of isolation protocol activated. If you have an Alfa wireless card, try using airmon-ng to determine if there is any client authenticated to the AP.
bobbyb1980 Posted January 7, 2012
Nmap shouldn't work; as Infiltrator mentioned, AP isolation is common in coffee shops and public spots. Usually with AP isolation, if you spoof your MAC to that of the AP it will DoS the network. Most Cisco routers have this enabled. I haven't messed with wifi in a while, but I still think there are ways to use traditional methods with AP isolation, just in different ways. You can't let AP isolation get you down, I know how you feel, you just have to use other methods!
bobbyb1980 Posted January 7, 2012
Assuming you already have the WPA key, maybe if you run a continuous deauth attack on a client, then spoof your MAC to that client's addy and try to reconnect to the router (without using DHCP, set your information manually to the DHCP lease info the former client used), maybe you could get free internet.
Atomix.Gray Posted January 10, 2012
Thinking out loud - I am not sure if AP isolation would stop this... what about opening a command prompt, typing 'net view', then doing an 'nbtstat -a' on a computer name? I know that's not going to give you any open ports or OS level, but it's a start...
Diggs Posted January 10, 2012
I know I have been blocked on AP Isolation/Client Isolation/Layer-2 WAPs when trying to MITM or DNS spoof. The ARP replies go dead in arpspoof and ettercap. I wondered for a while what was blocking my signals to my cell phone. I spoofed my MAC and it DoS'd the coffee shop for a bit, so this sounds exactly like what I was running into. Any recommendations on fun that can be had on a client-isolated network interacting with the other clients? And I'm staying out of the router unless that is the last option. I don't have AP Isolation on my home router, so I don't really have a test bed, and pivoting off somebody else's router seems like a good way to be a tattooed gorilla's unwilling girlfriend for a couple months.
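For the missing test bed Diggs mentions (and the AP/client isolation the earlier posts describe), a minimal hostapd configuration that turns isolation on is added here as an example; it is not from any post in this thread, and the interface, bridge, SSID and passphrase are assumed lab values.

```ini
# hostapd.conf for a lab AP with client isolation (added example; assumes
# hostapd on Linux, a wlan0 radio and an existing bridge br0 for the LAN side)
interface=wlan0
bridge=br0
driver=nl80211
ssid=isolation-lab
hw_mode=g
channel=6
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=ChangeMe-LabOnly
rsn_pairwise=CCMP

# Weak setting (hostapd's default when the line is absent): associated
# stations can reach each other at layer 2, so ARP between clients works
# and a host scan from one client lists the others.
#ap_isolate=0

# Corrected setting: hostapd does not relay frames between stations of this
# BSS. Clients still reach the gateway and the upstream network, but ARP
# and ping from one client to another get no reply, which is what the
# thread observed with nmap, arpspoof and ettercap.
ap_isolate=1
```

ap_isolate only covers stations on this one BSS: with several APs on the same bridge or switch, client traffic can still cross between APs unless the switch or controller enforces isolation (protected ports or equivalent) as well. To check the setting, associate two clients and confirm that an ARP or ping from one to the other fails while both can still reach the gateway.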
Infiltrator Posted January 11, 2012
I have found this thread at the Backtrack forums. You might want to give this a shot, see if you have much luck. http://www.backtrack-linux.org/forums/beginners-forum/32657-possible-bypass-client-isolation-wifitap.html