Post Connection Attack Part1
In all the attacks that we performed in the pre-connection and gaining-access sections, we
weren't connected to a network. In this section, we are going to talk about post-connection
attacks, that is, the attacks that we can do after connecting to the network. Now, it doesn't
matter whether the network is wireless or wired, and it doesn't matter whether the target was
using a WEP or WPA key; we can launch all of the attacks that we're going to talk about in
this section.
In all the previous attacks, we kept our wireless card in monitor mode so that we could capture
any packet that goes through the air. In this section, we're going to use our wireless card in
managed mode, because we have access to the network, so we really don't need to capture
everything; we only want to capture packets that are directed to us.
In this section, we're going to look at the attacks that we can perform once we have broken
into the network. Firstly, we're going to use a tool called netdiscover to gather all the important
information about the network, and that information will help us to launch attacks. It is used to
discover all the clients that are connected to the network. After this, we will learn a tool called
Zenmap. This tool has a better interface and is more powerful than netdiscover. It is used to
gather detailed information about all of the clients connected to the same network.
Netdiscover
netdiscover is a tool which is used to gather all the important information about the
network. It gathers information about the connected clients and the router. As for the
connected clients, we'll be able to know their IP, MAC address and operating
system, as well as the ports that they have open on their devices. As for the router, it will
help us to know the manufacturer of the router. Then we'll be able to look for
vulnerabilities that we can use against the clients or against the router if we are trying to
hack them.
In the network penetration testing section, we used airodump-ng to discover all the clients
connected to the network. In the second part of the airodump-ng output, we learned how we
could see the associated clients and their MAC addresses. All these details we can get before
we connect to the target access point. Now, after connecting to the network, we can gather
much more detailed information about these devices. There are a lot of programs for this task,
but we're going to talk about two of them. Let's start with the simplest and quickest one,
netdiscover.
netdiscover is the quicker and simpler program to use, but it doesn't show very detailed
information about the target clients. It'll only show us their IP address, their MAC address, and
sometimes the hardware manufacturer. We're going to use it by typing netdiscover, then -r,
and then the range, which can be any range we want. Looking at our own IP (which is in
10.0.2.x, the router being 10.0.2.1) tells us which network we are in. We want to discover all
the clients that are in this network, so we're going to try and see if there is a device at
10.0.2.1. Then we're going to try 2, 3, 4, 5, 6, up to 254, which is the end of the range. So, to
specify a whole range, we can write /24. That means we want 10.0.2.1, and then this IP is just
going to increase up to 10.0.2.254, which is the end of the IP range in the network. The
command for this is as follows:
netdiscover -r 10.0.2.1/24
Now hit Enter. It will return the output very fast, producing the result shown in the following
screenshot:
In the above screenshot, we can see that we have four devices connected to the network. We
have their IP address, MAC address, and the MAC Vendor. This method was very quick, and it
just shows simple information.
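The /24 range expansion described above, together with what the same sweep looks like from the defender's side: netdiscover sends one ARP request per address in the range, so a host that asks "who has X?" for dozens of distinct IPs within a second or two stands out in ARP traffic. This is an added example, not code from the original text; the ARP request records, MAC addresses and the window/threshold values are constructed for illustration.

```python
"""Added example: expand a /24 scan range and flag netdiscover-style ARP sweeps."""
import ipaddress
from collections import Counter, defaultdict


def hosts_in_range(cidr):
    """Return the usable host addresses a scan of `cidr` would probe.
    "10.0.2.1/24" (non-strict) means the 10.0.2.0/24 network: .1 through .254."""
    net = ipaddress.ip_network(cidr, strict=False)
    return [str(h) for h in net.hosts()]


# Constructed ARP request records: (seconds, sender MAC, target IP asked for).
SWEEPER = "08:00:27:aa:bb:cc"   # hypothetical host running a /24 ARP sweep
NORMAL = "52:54:00:12:34:56"    # hypothetical host doing ordinary ARP lookups
SAMPLE_ARP_REQUESTS = (
    # sweeper asks for every address in 10.0.2.1..10.0.2.254, one per 5 ms
    [(i * 0.005, SWEEPER, f"10.0.2.{i}") for i in range(1, 255)]
    # normal host resolves its gateway and one peer over the course of a minute
    + [(0.2, NORMAL, "10.0.2.1"), (30.0, NORMAL, "10.0.2.1"), (45.0, NORMAL, "10.0.2.7")]
)


def detect_arp_sweeps(records, window=2.0, threshold=20):
    """Return {mac: max_distinct_targets} for senders that asked for at least
    `threshold` distinct target IPs inside any `window`-second span."""
    by_mac = defaultdict(list)
    for t, mac, ip in records:
        by_mac[mac].append((t, ip))
    flagged = {}
    for mac, reqs in by_mac.items():
        reqs.sort()
        seen = Counter()          # target IP -> requests currently inside the window
        left = 0
        for t, ip in reqs:
            seen[ip] += 1
            # slide the window's left edge forward past requests older than `window`
            while t - reqs[left][0] > window:
                old_ip = reqs[left][1]
                seen[old_ip] -= 1
                if seen[old_ip] == 0:
                    del seen[old_ip]
                left += 1
            if len(seen) >= threshold:
                flagged[mac] = max(flagged.get(mac, 0), len(seen))
    return flagged


if __name__ == "__main__":
    print(len(hosts_in_range("10.0.2.1/24")), "addresses probed by a /24 sweep")
    print("flagged senders:", detect_arp_sweeps(SAMPLE_ARP_REQUESTS))
```

The normal host never exceeds the threshold, while the sweeping MAC is reported with 254 distinct targets in a single window.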