You Cracked the WiFi Password – Now What?

A beginner’s guide to network reconnaissance after gaining WiFi access to the ctf-lab WiFi network!


Engage: Celebrate Your First Win

You did it. You captured that WPA2 handshake, ran it through your wordlist, and now you’re connected to the target network. Maybe you brute-forced the password. Maybe you social-engineered it! That rush you’re feeling? That’s the satisfaction of your first real hack.

But here’s the thing: cracking the WiFi password was just picking the lock on the front door. You’re standing in the lobby now. The real exploration begins here.

So what’s next?


Explore: Understanding Your Position

Before you start poking around, you need to understand where you are on this network. Your device just received some critical information when it connected.

Find Your IP Address

Your IP address is your identity on this network. Find it:

  • iPhone/iPad: Settings → Wi-Fi → tap the network name → look for “IP Address”
  • Android: Settings → Network & Internet → Wi-Fi → tap the gear icon → IP address
  • Mac: System Preferences → Network → Wi-Fi → look for IP Address
  • Windows: Open Command Prompt, type ipconfig
  • Linux: Open terminal, type ip addr or hostname -I

You’ll see something like 192.168.4.47. Write this down.

Find the Default Gateway

The default gateway is even more interesting. This is the network’s router – the device that controls traffic flow and often hosts services. It’s typically the first target worth investigating.

Find it in the same location as your IP address. On this network, it’s likely 192.168.4.1.

Why does this matter? The gateway is almost always running something. Web interfaces. Admin panels. Sometimes vulnerable services that were never meant to be exposed.


Explain: What Can You Do With This Information?

You now know two things:

  1. Your address on the network (your IP)
  2. The “center” of the network (the gateway)

But networks aren’t just two devices. There could be servers, other users, printers, IoT devices, cameras – all potential targets. How do you find them?

Network scanning.

A network scanner sends packets to IP addresses and ports, listening for responses. When something responds, you’ve discovered a live host. When you probe its ports, you discover what services it’s running.

Think of it like this: your IP tells you what apartment building you’re in. Scanning tells you which apartments have their lights on and what’s happening inside.

The Scan Strategy

  1. Host discovery – Find all live devices on the network (typically 192.168.4.1-254)
  2. Port scanning – For each live host, discover which ports are open
  3. Service identification – Determine what’s running on those ports

Common ports to watch for:

  • 22 – SSH (remote shell access)
  • 80/443 – Web servers
  • 21 – FTP (file transfer)
  • 3306 – MySQL database
  • 5000-5002 – Often custom web applications

Elaborate: Tools for Network Discovery

Mobile Apps (Great for Learning)

iOS:

  • Fing – Excellent free network scanner, shows all devices and open ports
  • iNet – Network scanner with port detection
  • Network Analyzer – Comprehensive tool with ping, traceroute, and port scanning

Android:

  • Fing – Same great tool, available on Android
  • Net Analyzer – Free network discovery and diagnostics
  • PortDroid – Dedicated port scanner

Command Line (More Powerful)

Nmap is the gold standard. Install it on any laptop:

# Discover all hosts on the network
nmap -sn 192.168.4.0/24

# Scan common ports on the gateway
nmap 192.168.4.1

# Service/version detection plus the default script set on the gateway
nmap -sV -sC 192.168.4.1

Netcat for quick port checks:

nc -zv 192.168.4.1 80
nc -zv 192.168.4.1 22

Evaluate: Your Reconnaissance Checklist

Before moving to exploitation, confirm you’ve gathered:

  • [ ] Your assigned IP address
  • [ ] The default gateway IP
  • [ ] List of all live hosts on the network
  • [ ] Open ports on each discovered host
  • [ ] Services identified on interesting ports
  • [ ] Any web interfaces found (try opening IPs in your browser!)

Pro tip: Open your browser and navigate directly to the gateway IP. Then try adding port numbers: http://192.168.4.1:5000 through http://192.168.4.1:5002. Web applications often hide on non-standard ports.
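An added example, not part of the original guide, that turns the scan strategy and the checklist above into code: it parses the greppable output of the nmap commands shown earlier (run with -oG -) into live hosts, open ports and identified services, and lists the web interfaces worth opening in a browser. The scan output embedded below is constructed; the hosts, hostnames and banners are made up for illustration.

```python
import re

# Constructed sample of `nmap -sV -oG - 192.168.4.0/24` output (fields are tab-separated).
# The addresses, hostnames and version banners here are invented for the example.
SAMPLE_GNMAP = (
    "# Nmap scan initiated as: nmap -sV -oG - 192.168.4.0/24\n"
    "Host: 192.168.4.1 ()\tStatus: Up\n"
    "Host: 192.168.4.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, "
    "80/open/tcp//http//nginx 1.18.0/, 5000/open/tcp//http//Werkzeug httpd 2.3.7/"
    "\tIgnored State: closed (997)\n"
    "Host: 192.168.4.47 ()\tStatus: Up\n"
    "Host: 192.168.4.47 ()\tPorts: 22/closed/tcp//ssh///\tIgnored State: closed (999)\n"
    "Host: 192.168.4.120 (printer.lab)\tStatus: Up\n"
    "Host: 192.168.4.120 (printer.lab)\tPorts: 631/open/tcp//ipp//CUPS 2.4/, "
    "443/open/tcp//ssl|http//lighttpd/\tIgnored State: filtered (998)\n"
    "# Nmap done\n"
)

PORTS_RE = re.compile(r"Host: (\S+) \(([^)]*)\)\tPorts: (.*?)(?:\t|$)")

def parse_gnmap(text):
    """Return {ip: [(port, proto, service, version), ...]} listing open ports per live host."""
    hosts = {}
    for line in text.splitlines():
        if line.startswith("#"):
            continue
        if "\tStatus: Up" in line:
            hosts.setdefault(line.split()[1], [])  # live host, even with nothing open
        m = PORTS_RE.search(line)
        if not m:
            continue
        ip, _hostname, ports = m.groups()
        for entry in ports.split(", "):
            # greppable port entry: port/state/proto/owner/service/rpcinfo/version/
            f = entry.split("/")
            if f[1] == "open":
                hosts.setdefault(ip, []).append((int(f[0]), f[2], f[4], f[6]))
    return hosts

def web_interfaces(hosts):
    """URLs to open in a browser: HTTP-looking services plus the 5000-5002 range from the guide."""
    urls = []
    for ip, ports in sorted(hosts.items()):
        for port, _proto, service, _version in sorted(ports):
            if "http" in service or 5000 <= port <= 5002:
                scheme = "https" if ("ssl" in service or port == 443) else "http"
                urls.append(f"{scheme}://{ip}:{port}")
    return urls

def checklist(hosts):
    """The reconnaissance checklist as counts: live hosts, open ports, services with a version."""
    open_ports = sum(len(p) for p in hosts.values())
    identified = sum(1 for p in hosts.values() for (_, _, _, ver) in p if ver)
    return {"live_hosts": len(hosts), "open_ports": open_ports, "services_identified": identified}
```

Feed it a real file with `parse_gnmap(open("scan.gnmap").read())`; a host that answered discovery but shows no open ports still appears, so you can see what remains unexplored.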


What’s Next?

You’ve mapped the terrain. You know what’s out there. Now the real challenges begin:

  • Can you find hidden web pages?
  • Are there login forms you can test?
  • What happens if you try default credentials?
  • Are there services running that shouldn’t be exposed?

Every open port is a potential entry point. Every web form is a potential vulnerability.

Your reconnaissance is complete. Time to start probing.


Remember: Only practice these techniques on networks you own or have explicit permission to test. Happy hacking.