Bring back the hub!
Let's say you've got a four-port switch.
In port one, you've got a workstation PC.
In port two, you've got a workstation PC.
In port three, you've got a server PC.
In port four, you've got a wireless access point.
On the wireless access point there's three laptops which belong to civilians sitting in the waiting room, surfing the web while they wait to get their teeth pulled.
You come along as the pentester, hired to try capture the plain text passwords going between the workstations and the server.
Now if it was all hubs instead of switches, it'd be simple: Just open up wireshark and listen.
But, if you're sitting on a wireless access point, how would you go about sniffing the traffic on the wired part of the network... ? Would you use ARP poisoning?
Nah, I'd tell them they need to line up all their monitors in a row and then put CCTV on them 24/7. That way I could monitor everything they were looking at and their keystrokes on their keyboard. Much easier. Just tell them they can't move and they have to sit close to each other. Arp-poisoning? Lol, nobody uses that.
I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!
Pop a tap in line to the Server.Originally Posted by spankdidly
Thorn
Stop the TSA now! Boycott the airlines.
Yes, Arp-poisoning will work, just use ettercap if this is YOUR network. There's about 1000 posts about it.
I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!
Put ex-lax in the coffee and when they get up to go to the bathroom you can go see what they are doing.
If you were a real professional pen tester, then you wouldn't be asking this question. I hope that you're not really asking this for a job you're doing.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
It's like asking to bring back Win95 without updates because its easier to hack.
Now that's social engineering!
Thorn
Stop the TSA now! Boycott the airlines.
So you dont have access to the wired portion, and you came along as a, "pentester". You're only access to the wire is wireless. And you would like to see plain text passwords on the said wire. Well in that case, yea.
<EeePc 1000HA BT4/W7 USB boot Alfa500 GPS BlueTooth>
I'd call it unsocial engineering.Now that's social engineering!
Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69
Posting Permissions
