knock knock knock

9 06 2010

Ok, so in the last one, we found out that NETGEAR is open

00:09:5B:1C:AA:1D 11 16 10 0 0 11 54. OPN NETGEAR

Following on from the last post, we want to drop our interface back out of monitor mode

root@bt:~# airmon-ng stop wlan0

Interface       Chipset         Driver

wlan0           ZyDAS 1211      zd1211rw - [phy0]
                                (monitor mode disabled)
mon0            ZyDAS 1211      zd1211rw - [phy0]

make sure the interface is up with the usual

root@bt:~# ifconfig wlan0 up

once the interface up, its time to associate with the access point

root@bt:~# iwconfig wlan0 essid NETGEAR
root@bt:~# iwconfig
wlan0     IEEE 802.11bg  ESSID:"NETGEAR"
          Mode:Managed  Frequency:2.437 GHz  Access Point: 00:09:5B:1C:AA:1D
          Bit Rate=1 Mb/s   Tx-Power=27 dBm
          Retry min limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=17/100  Signal level=17/100
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

all things being equal, we should be associated with the wireless network NETGEAR through the access point we saw in the beginning 00:09:5B:1C:AA:1D. Now what … IP address of course

oot@bt:~# dhclient wlan0
There is already a pid file /var/run/ with pid 9985
killed old client process, removed PID file
Internet Systems Consortium DHCP Client V3.1.1
Copyright 2004-2008 Internet Systems Consortium.
All rights reserved.
For info, please visit

mon0: unknown hardware address type 803
mon0: unknown hardware address type 803
Listening on LPF/wlan0/00:07:d1:88:11:0f
Sending on   LPF/wlan0/00:07:d1:88:11:0f
Sending on   Socket/fallback
DHCPDISCOVER on wlan0 to port 67 interval 4
DHCPREQUEST of on wlan0 to port 67
DHCPACK of from
bound to -- renewal in 39170 seconds.
root@bt:~# ifconfig wlan0
wlan0     Link encap:Ethernet  HWaddr 00:07:d1:88:11:0f
          inet addr:  Bcast:  Mask:
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
root@bt:~# cat /etc/resolv.conf
domain mydomain
search mydomain
root@bt:~# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface   U         0 0          0 wlan0         UG        0 0          0 wlan0

so there we have it, we connected to the wireless network, received an IP address, dns & default route from the DHCP server & still havent used any of the l33t fun tools in backtrack yet.