Once connected to a wireless network, you can use the following process to identify additional targets and vulnerable systems:
- Based on the IP information you have gained so far, look to see if there are any discernible patterns in the network address schemes. An example of this is, you have been issued an IP address in one subnet, but infrastructure services such as DHCP and DNS reside in different subnets. Those subnets likely contain servers containing domain user information such as Active Directory (AD), Lightweight Directory Access Protocol (LDAP), centralized data repositories such as database servers, application servers, and so on. To view the information received in DHCP requests do the following:
root@kali:~/wireless# ...