Getting to know your Neighbors


Welcome to the second installment of the Aimless Wandering “personal pen-testing” section. If you haven’t gotten bored so far, please continue on, and consider giving us a like on Facebook above.

Once you’ve got your foot in the door, meaning you’ve discovered the password to the network of choice, masked your MAC address properly and made sure the connection is providing all the wonders that the interwebs can deliver, we can move on to the next part of our work: getting to know our neighbours.

If you find that after authenticating to the network you still cannot connect to the internet, you may find yourself on a network set up to allow only known MAC addresses onto the proper subnet. To get past this, you need to make yourself appear to be a known device. To explain this further and to give a general walkthrough of the entire process, I found the video below to be really helpful.

Once we are past this point and all our devices are talking with all their devices, the next question is: now what? From here we can go any number of ways, depending on the goal of the exercise and the level of stealth we are trying to keep.

I prefer to take the passive approach, so much so that once I’m sure I have the authentication required to gain access to the network, I sometimes step back outside of the connection, fire up airodump-ng and once again dial it into the proper BSSID, only this time I employ the -a option. This begins my inner map of the network in question, as I record the MAC addresses of the other devices on the network. On a small network even the gateway will be easy to find, as the packet count for that device will be much higher than for the single workstations around it.

While the above shows you the beginning landscape of the network, we now reconnect and fire up p0f. While this passive OS fingerprinting tool is doing its thing, open your terminal and enter the “route” command. The IP address of your network’s default gateway should reveal itself at this point; also take a moment to look at the column labelled genmask, which should resemble a number like and is normally referred to as a subnet mask.

Now this is where intent comes into play: what are you looking for? Do you want to try to capture passwords and logins? Are you looking to take over another workstation within your network? If you are looking to take a peek at the data going from the network to the internet, then please continue further. For the moment I focus on packets and passwords; if you’re looking for the more detailed and involved process of taking control of another device, I recommend the same place I go for all things Metasploit: look for Mubix and his amazing segments.

As I stated earlier, I’m in it for the packets, and I also like to avoid making a digital racket for as long as possible. I again step out of the network, fire up airodump-ng, focusing on the proper BSSID and using the -a option, and then go for a walk. Yes, a walk; sitting in front of a computer screen all day is hell on the back and the waistline. Stretch, walk, troll for open wifi networks with your handy rooted mobile device.

If you’re not going to get up and enjoy life in 3D, then just give the program an hour or two to collect all those fun little packets of information. Once finished, exit the program and locate the cap file that was produced.

When it comes to parsing the cap file we have a number of options. The more popular tool you’ll come across is Wireshark, and there are a million tutorials for learning to use it if you like. A Windows program that works decently enough is NetworkMiner, and again plenty of info on usage is all over the tubes.

My personal preference these days is airdecap-ng; the tool has the ability to decode those tasty bits and bytes. There are some limits and requirements on what a cap file must contain in order for it to work: for example, to decode a WPA2-protected stream of data, the four-way handshake needs to be present. There are simple enough ways to go about getting those frames. Aireplay-ng is an awesome tool, and it comes with the Aircrack-ng suite.

The following video should help clear up any point I may have missed.

Now, I have stated that I prefer to silently invade the network, and only make a digital $h*t storm when I know nobody is listening. Without further ado, let’s get to the fun part: the next segment is on MITM (Man In The Middle) attacks and their effectiveness. If I haven’t lost you yet, feel free to join me.
