Presentation is loading. Please wait.

Presentation is loading. Please wait.

Portable & Mobile Attacks

Similar presentations


Presentation on theme: "Portable & Mobile Attacks"— Presentation transcript:

1 Portable & Mobile Attacks
Ernest Staats EDMODO -- WME393 Technology Director MS Information Assurance, CISSP, CEH, CWNA, Security+, MCSE, CNA, I-Net+, Network+, Server+, A+ Resources

2 The Disclaimer! Have Permission in writing First!
This workshop is intended to help you understand how mobile software and hardware can be used to expose security issues in your network Have Permission in writing First! This knowledge is intended to be used responsibly so we can provide academic environments that are secure, safe and accessible

3 So easy a Chimp can do this ….
Software demonstrated comes absolutely with NO WARRANTY. Use entirely at your own risk. Don’t be a Chimp !! Ernest is not responsible for any subsequent loss or damage whatsoever!

4 Portable Apps ProduKey—view Windows and MS product keys
Wireless Key—View stored wireless keys Only SCAN Devices you have permission to SCAN SoftPerfect Network Scanner—Find network devices and DHCP servers Firefox portable—XSS and SQL tools test my local server x.x. LANSearch—Finding files across a network (find the password file)

5 Portable Apps 2 MACaddressView—Why Mac filtering is not good security use 802.1x Change your Mac Address (MacMakeUp (software folder)) mRemoteNG—This application acts a tabbed remote connection manager CurrPorts—A network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local computer WirelessNetView—Displays: SSID, Last Signal Quality, Average Signal Quality, Detection Counter, Authentication Algorithm, Cipher Algorithm, MAC Address, etc

6 Portable Apps 3 FirefoxDownloadsView—Download URL, Download Filename (with full path), Referrer, MIME Type, File Size, Start/End Time, Download Duration, and Average Download Speed Recuva FileRestore—Recovers files deleted from your Windows computer, Recycle Bin, digital camera card, or MP3 player Starter—View and manage all the programs that run automatically whenever your operating system loads

7 What is a Port? “doors” on the system where info is sent out from and received When a server app is running on a port, it listens for packets When there is nothing listening on a port, the port is closed TCP/IP Stack 65,536 TCP Ports

8 Port Status Types Open – port has an application listening on it, and is accepting packets. Closed – port is accessible by nmap, but no application is listening on it. Filtered – nmap can’t figure out if the port is open or closed because the packets are being filtered. (firewall) Unfiltered – Ports are accessible, but nmap can’t figure out if it is open/closed.

9 Typical Ports to know Any port can be configured to run any service.
But major services stick to defaults Popular TCP ports/services: 80 – HTTP (web server) 23 – Telnet 443 – HTTPS (ssl-encrypted web servers) 21 – FTP 22 – SSH (shell access) 25 – SMTP (send ) 110 – POP3 ( retreival)ecure shell, replacement for Telnet)

10 More Ports that you need to know
445 – Microsoft –DS (SMB communication w/ MS Windows Services 139 – NetBIOS-SSN (communication w/ MS Windows services – 143 – IMAP ( retreival) – 53 – Domain (DNS) – 3306 – MYSQL (database)

11 nmap Nmap ("Network Mapper") is a great tool that we have in both the portable apps and in BT Extremely powerful. Simple use: Nmap –v –A ‘v’ for verbosity and ‘A’ for OS/version Detection

12 Zenmap Scan one target or a range Built-in profiles or make your own for personal ease.

13 Using a quite traceroute
Zenmap Visual Map Hop Distance Router Information Group Hosts by Service Using a quite traceroute

14 Using Zenmap Here are some IPs open to be scanned. Be careful!
Hackerinstitute.net moodle.gcasda.org Just in case

15 Web Tools Netsparker Community Edition
Register the Software use an you can access to activate the software For the target URL use: ___.___

16 Metadata Tools FOCA (use compatibility mode if needed) Metagoofil Will extract a list of disclosed PATHs in the metadata, with this information you can guess OS, network names, Shared resources, etc also extracts MAC address from Microsoft Office documents EXIF Tool EXIF Viewer Plugin https://addons.mozilla.org/en-US/firefox/addon/3905 Jeffrey's Exif Viewer Show EXIF data with plugin. Show Foca.

17 Examples of file types that contain metadata
MAC addresses, user names, edits, GPS info. It all depends on the file format. JPG EXIF (Exchangeable image file format) IPTC (International Press Telecommunications Council) PDF DOC DOCX EXE XLS XLSX PNG Too many to name them all.

18 What Information is in MetaData?
User Names: Creators. Modifiers . Users in paths. C:Documents and settings/ofmyfile /home/johnny Operating systems Printers. Local and remote Paths Local and remote. Network info. Shared Printers. Shared Folders. ACLS. Internal Servers. NetBIOS Name. Domain Name. IP Address. Database structures. Table names. Colum names. Device hardware info Photo cameras. Private Info. Personal data. History of use. Software versions.

19 Fingerprinting Organizations with Collected Archives FOCA
Search for documents in Google and Bing Automatic file downloading capable of extracting Metadata, hidden info and lost data cluster information Analyzes the info to fingerprint the network

20 Metadata Foca free Type a project Name then type the URL use: es-es.net Extract Metadata, it will be displayed on the right hand side of the window

21 Phases of Scanning – Target Enumeration - who to scan – Host Discovery – online – Reverse-DNS resolution – IP -> Host name – Port Scanning – port opened/closed/filtered – Version Detection – Version of service – OS Detection – OS of server – Traceroute – network routes FOCA provides most of this list without you ever running a single scan

22 GEO Tagging August of 2010, Adam Savage, of “MythBusters,” took a photo of his vehicle using his smartphone. He then posted the photo to his Twitter account including the phrase “off to work” Image contained metadata reveling the exact geographical location the photo Savage revealed the exact location of his home, the vehicle he drives and the time he leaves for work Read the full story here:

23 Cat Schwartz of TechTV and her blog

24 Meta Data Images Hands on
Go to Jeffrey's Exif Viewer Photo 1 photo.JPG Where was the photo taken of the Police office was the photographer on the sidewalk or somewhere else what kind of device was used to take the photo Second photo _MG_5982_ES.jpg what is the ethnicity of the Girl in the photo? device was used to take the photo

25 Turn off GPS function on phones
Disable the geotagging function Most smartphones/Tablets & several cameras automatically display geographical information It’s important that users make efforts to turn off geotagging More Info

26 Scrubbing Meta Data Software Websites
Jpg and PNG metadata striper Hands-On Copy image 1 and 2 used earlier down to local system use metadata striper then compare the BatchPurifier LITE Doc Scrubber Websites Clean your documents: MSOffice 2k3 & XP d-d43e-42ca-bc7b-5446d34e5360

27 Metadata tools Doc Scrubber—Remove metadata from Word Documents downloaded Select ALL options, reset Author to ES and Company to ES, Click Next

28 Wireless Issues InSSIDer
– Inspect your Wi-Fi and surrounding networks – Troubleshoot competing access points and clogged Wi-Fi channels – Highlight access points for areas with high Wi-Fi concentration – Track received signals in dBm over time View the SSIDs in the top section and the live graph in the bottom section

29 Wireless Issues Xirrus Wi-FI Inspector -Searching for Wi-Fi networks
-Managing and troubleshooting Wi-FI connections -Verifying Wi-FI coverage -Locating Wi-FI devices -Detecting rogue Aps -Excellent Testing tools i.e. Connection Test, Speed Test, Quality Test

30 Wireless Issues Cain and Able—Allows easy recovery of various kind of passwords -Discover Active WIFI -Dump locally stored passwords -Dump WPA2 PSK

31 Iphone / IPad Apps Last Pass Logmein SPiceworks IRdesktop Free Wifi Inet Citrix Vsphere WI-FI Finder Netmon Free Pint NSLookup NetSwissKnife DropBox + BoxCryptor

32 Common & Iphone / IPad Apps
All Devices -- Last Pass - Fing - Network Tools – Citrix - DropBox + BoxCryptor – Pocket Cloud Iphone / IPad Apps for network and Security Logmein IRdesktop Free Wifi INet Vsphere WI-FI Finder Netmon Free Pint NSLookup NetSwissKnife Serial IO WiSnap WIFI Com Ports for Telnet to switches from Ipad to the Com port on devices

33 Android Apps Anti - Wi-fi-scanning tool for finding open networks and showing all potential target devices Shark for Root - Traffic sniffer, works on 3G and WiFi

34 Android Apps ConnectBot—secure shell client can manage simultaneous ssh connections ArpSpoof arpspoof is an open source tool for network auditing. It redirects packets on the local network by broadcasting spoofed ARP messages PortKnocker The best portknock client on Android! Now with configurable number of ports; support for TCP or UDP; and more! Nessus nables you to log into your Nessus scanners and start, stop and pause vulnerability scans as well as analyze the results directly from your Android device

35 Android Apps Wifi Analyzer— Choose the best WiFI network NetAudit—TCP port scanner WiFi Key Recovery—recover the password of a wireless network you have connected to with your device in the past FaceNiff—Sniff and intercept web session profiles over the WiFi Network Discovery -- network tool-- discovering, mapping, scanning, profiling your Wifi network Computer/device discovery and port scanner for local area network. Net Scan--Network scanning and discovery along with port scanner. Find holes and security flaws in your network.

36 Android Apps Network Info II
Device IP and hostname, both private and public. Current mobile Cell and any neighbours, signal strength, location info and type IMSI/ IMEI (Used to identify a mobile device and Mobile sim card ) Information about the current mobile provider (MCC+MNC, current connection, etc) The Android device unique ID Full WiFi connection (MAC, current SSID and BSSID, link speed, IP/Netmask, Gateway, DNS and DHCP servers, etc) Your current location according to Android No GPS needed Information regarding Bluetooth status, the current Bluetooth connection(s) IPv6 device and router IP addresses for all device interfaces

37 Back Track5 Make a USB bootable using Unetbootin

38 Back Track5 Capturing Telnet Password with Wireshark Inside of Backtrack open terminal “airmon-ng start wlan0” Open wireshark

39 Back Track5

40 Hiding Files inside a photo
Free File Camouflage A donation screen will appear, click on the skip donation button to launch the application.

41 SniffPass -Must Have Microsoft Network Monitor 3.x -Run SmartSniff if you want to capture general TCP data or SniffPass if you only want to capture passwords. -You Must Leave the “Switch to Monitor Mode” window OPEN ! When you close this window, the network card will exit from monitor mode and it'll return back to its normal state.

42 Maltego Hands on It draws connections between entities like name, domain, addresses, etc., good for building a mind map of how things are related. You will have to register for API keys to get the most use out of it Allows you to discover and visualize relationships between atributes like Facebook or Twitter account names, addresss, phone numbers and other information. It’s the first step when trying to understand where people fit into the digital world, and with whom they are or have been associated.– Get it rigt now Let’s find someone you know like yourself …

43 Network Domain Info online
RobTex A great site for doing reverse DNS look-ups on IPs, grabbing Whois contacts, and finding other general information about an IP or domain name ServerSniff ICMP & TCP traceroutes, SSL Info, DNS reports and Hostnames on a shared IP. It’s nice to have them do some of the recon for you Check if your address has been owned

44 More Tools WSCC – Windows System Control Center My first pick isn't actually a Microsoft tool per se: Windows System Control Center is a one-stop downloader for almost 300 maintenance tools from Microsoft's Sysinternals and the ever-popular NirSoft suites: simply download WSCC from KLS-Soft, check all the tools you need and hit "Install

45 Please leave Feedback!! Please complete the session evaluation @: Workshop3HRHO WME Wireless and Mobile Attack


Download ppt "Portable & Mobile Attacks"

Similar presentations


Ads by Google