FI_OpwK's blog Exploit PoC

This is a Proof of Concept article describing a BlackBox pentest on a low-level target giving way to a High-level vulnerability in a big name company.

During Pre-engagement the target was identified only by BSSID and ESSID ( of those tests). The reinterpreted mission Scope: "Reconnect target 'without' brute-force or noisy network activity." The verbatim Scope: "Discover any possibilities of attacking victim or victims account status without using aggressive attack methods."

For this mission 'Wifi Hacking', 'Common Sense', & 'Possible Social Engineering' are at the disposal of the attacker.

You can read my notes at the end of this article.

[disclaimer statement]

For obvious reasons, detailed steps are omitted for the sake of brevity and the safety of other innocent targets which are not aware of attacker activities. Please note: I am trained and authorized to perform these objectives disclosed in this article. I assume no responsibility for others attempting to reproduce the actions discussed in this article. If you are aware of the missing information, please be ethical in your actions.

As always, the information I provide in articles is purely for Educational purposes ONLY!

[/disclaimer statement]

Mission 1: Identify the Target

Identifying the target proved to be an easy task since the target is identified by BSSID and ESSID only. Naturally, a scan within range of the Pre-engagement site topped the list of 'to-dos'. To begin this objective, Airmon-ng, Airodump-ng and Aircrack-ng are the tools of choice.

(Note: If you are unaware of the steps required to perform this attack, consult Google. Describing the syntax and options used in a Wifi attack is beyond the scope of this article. This is not a tutorial.)

//Airmon-ng succeeded in starting interface
//Airodump-ng succeeded in displaying APs
