Chapter 3. Exploiting Wireless Devices

After our wireless scanning phase is complete, we will have a prioritized list of potential targets that are in scope for our penetration test. This list should be ordered by relevance to the organization, by ease of exploitation, or by whether the devices or clients may contain critical information, such as those accessed by administrators.

You can think of the access points as being similar in nature to servers in a DMZ, the primary difference being that these critical servers are typically behind a firewall and other layered defenses, whereas the access points, or "tiny servers with routing capabilities", can be directly accessed by users, usually without the benefit of traditional security mechanisms to protect them. Wireless access points can more or less be seen as a potential backdoor to enterprise networks. Like printers and other devices that contain embedded systems, they are commonly overlooked by administrators and security professionals.

Wireless network devices, specifically access points, have been the target of hackers and regularly have vulnerabilities that are publicly disclosed. Once a vulnerability is publicized, it is common to see exploits released into the wild that can be used during your pentest. Compared to other devices on the network, like workstations and servers, the patching cycle for network devices is typically sporadic, if it happens at all, widening your window for the successful exploitation of these devices. If wireless at a residence is in scope, there is a very high likelihood that the device's firmware has not been upgraded since it was deployed and that default security settings, like administrative credentials, have not been changed. More often than not, an exploitable vulnerability will be discovered in the device firmware but will be left unpatched due to the administrator's reluctance to disrupt the communication provided by the AP, or lack of knowledge of how to patch these devices.

By taking advantage of these vulnerabilities in a wireless device, an attacker can gain access to the device, can attack the clients that use the device for access, and can often use these devices as a pivot point to get further into the network.

In this chapter, we will cover the following topics:

  • Attacking the firmware
  • Attacking the services
  • Checks on misconfiguration