These resources might help you:
Firstly I want to thank everyone that has written guides for getting newbies up and running. From which card to buy (I got a WG511T) to setting up packet injection on it, I would have been at a loss were it not for those tutorials.
What I'm looking for now is a general framework/checklist of what you experienced guys do once you gain access to a network. I have successfully cracked my own WEP and used metasploit on my Win2000 machine, but my environment is very simple.
Some questions for you all-
What do you do to map out the network? I know I can see some active wireless clients using airodump, but what about wired clients?
Once it is mapped out, what is your typical plan you use to explore and pentest machines on the network?
All the tools available in BT can be somewhat daunting to a newbie, so I would appreciate some general advice.
Once you connect to the network, try:
nmap -v -sP *wired/wireless ip here*
that should give you that pc's status.
Go ahead, try it, I DARE YOU :cool:
Normally people asking "what next" receive a sarcastic answer back, but just from reading the way you posted the question it seems pretty clear to me that your a smart interested guy. I think what youre asking is what after nmap etc, well theres lots of ways to exploit, you say you use metasploit well you should look up more features of it, theres not much you cant do over wlan/lan with metasploit. If you want to know what else other than metasploit then your basically looking for vulnareble boxes use nmap to scan your subnet. Once this is done start mapping out the network, nmap has a usefull tool for this under ermm mapping. Once youve mapped out which devices are comps start scanning them for vulnerable open ports such as telnet 23. once you have a list of vulnerable boxes go about finding the easiest way to exploit them using the services they are running there are countless tuts on haking windows boxes, you just need to find the best way for your target.
Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.
Just wanted to say thanks for the info. I feel like I've gotten pretty good at wpa/wep cracking on my router and I was wanting to progress my skills in this very way. I wish the metasploit site would come back up so i could do some recon....its been down for the last two days or so.