1
Penetration Testing: Bypassing UNCW NetReg
Vince Tran & Howard Kleinberg
2
UNCW NetReg
3
NetReg Vulnerability
4
Media Access Control address
• 6-octet hexadecimal identifier
• Unique to every network-enabled device
5
Vulnerability Exploitation
• Obtain the MAC address of a registered device.
• Use software to change an ‘attacker’ device’s MAC address to the registered value.
• Access the network using the ‘spoofed’ credentials (i.e., the registered MAC address).
6
Retrieving Targets
• Discovers IP & MAC of all machines connected to the local AP
7
Spoofing the Target’s MAC Address
8
Uses for MAC Address Spoofing
• Legitimate:
  - Creating wireless connections to a network.
  - Better method - Changing a device’s role, from router to computer and vice-versa.
• Illegitimate:
  - Unauthorized, stealthy access (intrusion) into a targeted restricted-access network.
  - Network traffic redirection.
    -> Obtain data from other systems on the network…
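
Because the registration check described under Vulnerability Exploitation accepts the registered MAC address as the credential, a cloned address appears in network logs as one MAC with two identities. The following is an added example (not part of the original slides) of a detection pass over DHCP/association records; the record layout, the sample events and the 60-second roaming threshold are assumptions constructed for illustration.

```python
# Added example: flag registered MACs that show signs of being cloned.
# Record layout, sample events and threshold are constructed assumptions.
from collections import defaultdict

# Constructed records: (epoch_seconds, mac, access_point, dhcp_hostname)
SAMPLE_EVENTS = [
    (1000, "00:11:22:33:44:55", "ap-library", "alice-laptop"),
    (1030, "00:11:22:33:44:55", "ap-dorm-3", "desktop-7f2"),
    (1045, "00:11:22:33:44:55", "ap-library", "alice-laptop"),
    (1100, "66:77:88:99:AA:BB", "ap-library", "bob-phone"),
    (1900, "66:77:88:99:aa:bb", "ap-dorm-3", "bob-phone"),
]


def normalize_mac(mac):
    """Canonical form: 12 lowercase hex digits, colon-separated."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 6-octet MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def find_clone_suspects(events, min_roam_seconds=60):
    """Return {mac: [reasons]} for MACs that look like two devices."""
    by_mac = defaultdict(list)
    for ts, mac, ap, host in events:
        by_mac[normalize_mac(mac)].append((ts, ap, host))

    findings = {}
    for mac, seen in by_mac.items():
        seen.sort()
        reasons = []
        # One registered device should present one DHCP hostname.
        if len({host for _, _, host in seen}) > 1:
            reasons.append("multiple_hostnames")
        # Consecutive sightings on different APs faster than a device could
        # plausibly roam suggest two radios sharing the address.
        for (t1, ap1, _), (t2, ap2, _) in zip(seen, seen[1:]):
            if ap1 != ap2 and t2 - t1 < min_roam_seconds:
                reasons.append("implausible_ap_change")
                break
        if reasons:
            findings[mac] = reasons
    return findings


if __name__ == "__main__":
    for mac, reasons in find_clone_suspects(SAMPLE_EVENTS).items():
        print(mac, ", ".join(reasons))
```

A hit is a lead for investigation rather than proof: overlapping AP coverage or a renamed device can produce the same signals, so the threshold should be tuned to the site.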