Chapter 3. Exploiting Wireless Devices
After our wireless scanning phase is complete, we will have a prioritized list of potential targets that are in scope for our penetration test. This list should be ordered by their relevance to the organization, ease of exploitation, or devices or clients that may contain critical information, such as those accessed by administrators. You can think of the access points as being similar in nature to servers in a DMZ, the primary difference being that these critical servers are typically behind a firewall and other layered defenses, whereas the access points, or "tiny servers with routing capabilities", can be directly accessed by users usually without the benefit of traditional security mechanisms to protect them. Wireless access points can more or less be seen as a potential backdoor to enterprise networks. Like other devices that contain embedded systems, like printers, they are commonly overlooked by administrators and security...