
Chapter 3. Exploiting Wireless Devices

After our wireless scanning phase is complete, we will have a prioritized list of potential targets that are in scope for our penetration test. This list should be ordered by relevance to the organization, ease of exploitation, or the likelihood that a device or its clients handle critical information, such as those used by administrators.

You can think of access points as being similar in nature to servers in a DMZ. The primary difference is that those servers are typically behind a firewall and other layered defenses, whereas access points, or "tiny servers with routing capabilities", can be reached directly by users, usually without the benefit of traditional security mechanisms to protect them. Wireless access points can therefore be seen as a potential backdoor into enterprise networks. Like other devices built on embedded systems, such as printers, they are commonly overlooked by administrators and security professionals.

Wireless network devices, specifically access points, have long been targets for attackers, and vulnerabilities in them are regularly disclosed publicly. Once a vulnerability is publicized, it is common to see exploits released into the wild that can be used during your pentest. Compared to workstations and servers, the patching cycle for network devices is typically sporadic, if it happens at all, which widens your window for successful exploitation of these devices. If a residential wireless network is in scope, there is a very high likelihood that the device's firmware has not been upgraded since it was deployed and that default security settings, such as administrative credentials, have not been changed. More often than not, an exploitable vulnerability in the device firmware will be left unpatched because the administrator is reluctant to disrupt the connectivity the AP provides, or does not know how to patch the device.

By taking advantage of these vulnerabilities in a wireless device, an attacker can gain access to the device itself, attack the clients that use it for network access, and often use it as a pivot point to get further into the network.

In this chapter, we will cover the following topics:

  • Attacking the firmware
  • Attacking the services
  • Checks on misconfiguration