Presentation on theme: "Portable & Mobile Attacks"— Presentation transcript:
1 Portable & Mobile Attacks Ernest Staats EDMODO -- WME393Technology DirectorMS Information Assurance, CISSP, CEH, CWNA, Security+, MCSE, CNA, I-Net+, Network+, Server+, A+Resources
2 The Disclaimer! Have Permission in writing First! This workshop is intended to help you understand how mobile software and hardware can be used to expose security issues in your networkHave Permission in writing First!This knowledge is intended to be used responsibly so we can provide academic environments that are secure, safe and accessible
3 So easy a Chimp can do this …. Software demonstrated comes absolutely with NO WARRANTY. Use entirely at your own risk.Don’t be a Chimp !!Ernest is not responsible for any subsequent loss or damage whatsoever!
4 Portable Apps ProduKey—view Windows and MS product keys Wireless Key—View stored wireless keysOnly SCAN Devices you have permission to SCANSoftPerfect Network Scanner—Find network devices and DHCP serversFirefox portable—XSS and SQL tools test my local server x.x.LANSearch—Finding files across a network (find the password file)
5 Portable Apps 2MACaddressView—Why Mac filtering is not good security use 802.1xChange your Mac Address (MacMakeUp (software folder))mRemoteNG—This application acts a tabbed remote connection managerCurrPorts—A network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local computerWirelessNetView—Displays: SSID, Last Signal Quality, Average Signal Quality, Detection Counter, Authentication Algorithm, Cipher Algorithm, MAC Address, etc
6 Portable Apps 3FirefoxDownloadsView—Download URL, Download Filename (with full path), Referrer, MIME Type, File Size, Start/End Time, Download Duration, and Average Download SpeedRecuva FileRestore—Recovers files deleted from your Windows computer, Recycle Bin, digital camera card, or MP3 playerStarter—View and manage all the programs that run automatically whenever your operating system loads
7 What is a Port?“doors” on the system where info is sent out from and receivedWhen a server app is running on a port, it listens for packetsWhen there is nothing listening on a port, the port is closedTCP/IP Stack65,536 TCP Ports
8 Port Status TypesOpen – port has an application listening on it, and is accepting packets. Closed – port is accessible by nmap, but no application is listening on it. Filtered – nmap can’t figure out if the port is open or closed because the packets are being filtered. (firewall) Unfiltered – Ports are accessible, but nmap can’t figure out if it is open/closed.
9 Typical Ports to know Any port can be configured to run any service. But major services stick to defaultsPopular TCP ports/services:80 – HTTP (web server)23 – Telnet443 – HTTPS (ssl-encrypted web servers)21 – FTP22 – SSH (shell access)25 – SMTP (send )110 – POP3 ( retreival)ecure shell, replacement for Telnet)
10 More Ports that you need to know 445 – Microsoft –DS (SMB communication w/ MS Windows Services139 – NetBIOS-SSN (communication w/ MS Windowsservices– 143 – IMAP ( retreival)– 53 – Domain (DNS)– 3306 – MYSQL (database)
11 nmapNmap ("Network Mapper") is a great tool that we have in both the portable apps and in BTExtremely powerful.Simple use:Nmap –v –A‘v’ for verbosity and ‘A’ for OS/version Detection
12 ZenmapScan one target or a range Built-in profiles or make your own for personal ease.
13 Using a quite traceroute ZenmapVisual MapHop DistanceRouter InformationGroup Hosts by ServiceUsing a quite traceroute
14 Using Zenmap Here are some IPs open to be scanned. Be careful! Hackerinstitute.netmoodle.gcasda.orgJust in case
15 Web Tools Netsparker Community Edition Register the Software use an you can access to activate the softwareFor the target URL use: ___.___
16 Metadata ToolsFOCA (use compatibility mode if needed) Metagoofil Will extract a list of disclosed PATHs in the metadata, with this information you can guess OS, network names, Shared resources, etc also extracts MAC address from Microsoft Office documents EXIF Tool EXIF Viewer Plugin Jeffrey's Exif ViewerShow EXIF data with plugin. Show Foca.
17 Examples of file types that contain metadata MAC addresses, user names, edits, GPS info. It all depends on the file format.JPG EXIF (Exchangeable image file format) IPTC (International Press Telecommunications Council) PDF DOC DOCX EXE XLS XLSX PNG Too many to name them all.
18 What Information is in MetaData? User Names: Creators. Modifiers . Users in paths. C:Documents and settings/ofmyfile /home/johnny Operating systems Printers. Local and remote Paths Local and remote. Network info. Shared Printers. Shared Folders. ACLS.Internal Servers. NetBIOS Name. Domain Name. IP Address. Database structures. Table names. Colum names.Device hardware info Photo cameras. Private Info. Personal data. History of use. Software versions.
19 Fingerprinting Organizations with Collected Archives FOCA Search for documents in Google and Bing Automatic file downloading capable of extracting Metadata, hidden info and lost data cluster information Analyzes the info to fingerprint the network
20 MetadataFoca freeType a project Name then type the URL use: es-es.netExtract Metadata, it will be displayed on the right hand side of the window
21 Phases of Scanning– Target Enumeration - who to scan – Host Discovery – online – Reverse-DNS resolution – IP -> Host name – Port Scanning – port opened/closed/filtered – Version Detection – Version of service – OS Detection – OS of server – Traceroute – network routes FOCA provides most of this list without you ever running a single scan
22 GEO TaggingAugust of 2010, Adam Savage, of “MythBusters,” took a photo of his vehicle using his smartphone. He then posted the photo to his Twitter account including the phrase “off to work”Image contained metadata reveling the exact geographical location the photoSavage revealed the exact location of his home, the vehicle he drives and the time he leaves for workRead the full story here:
24 Meta Data Images Hands on Go to Jeffrey's Exif Viewer Photo 1 photo.JPG Where was the photo taken of the Police office was the photographer on the sidewalk or somewhere else what kind of device was used to take the photo Second photo _MG_5982_ES.jpg what is the ethnicity of the Girl in the photo? device was used to take the photo
25 Turn off GPS function on phones Disable the geotagging function Most smartphones/Tablets & several cameras automatically display geographical information It’s important that users make efforts to turn off geotagging More Info
26 Scrubbing Meta Data Software Websites Jpg and PNG metadata striperHands-OnCopy image 1 and 2 used earlier down to local system use metadata striper then compare theBatchPurifier LITEDoc ScrubberWebsitesClean your documents: MSOffice 2k3 & XP d-d43e-42ca-bc7b-5446d34e5360
27 Metadata toolsDoc Scrubber—Remove metadata from Word Documents downloadedSelect ALL options, reset Author to ES and Company to ES, Click Next
28 Wireless Issues InSSIDer – Inspect your Wi-Fi and surrounding networks– Troubleshoot competing access points and clogged Wi-Fi channels– Highlight access points for areas with high Wi-Fi concentration– Track received signals in dBm over timeView the SSIDs in the top section and the live graph in the bottom section
29 Wireless Issues Xirrus Wi-FI Inspector -Searching for Wi-Fi networks -Managing and troubleshooting Wi-FI connections-Verifying Wi-FI coverage-Locating Wi-FI devices-Detecting rogue Aps-Excellent Testing tools i.e. Connection Test, Speed Test, Quality Test
30 Wireless IssuesCain and Able—Allows easy recovery of various kind of passwords -Discover Active WIFI -Dump locally stored passwords -Dump WPA2 PSK
32 Common & Iphone / IPad Apps All Devices -- Last Pass - Fing - Network Tools – Citrix - DropBox + BoxCryptor – Pocket Cloud Iphone / IPad Apps for network and Security Logmein IRdesktop Free Wifi INet Vsphere WI-FI Finder Netmon Free Pint NSLookup NetSwissKnife Serial IO WiSnap WIFI Com Ports for Telnet to switches from Ipad to the Com port on devices
33 Android AppsAnti - Wi-fi-scanning tool for finding open networks and showing all potential target devices Shark for Root - Traffic sniffer, works on 3G and WiFi
34 Android AppsConnectBot—secure shell client can manage simultaneous ssh connectionsArpSpoof arpspoof is an open source tool for network auditing. It redirects packets on the local network by broadcasting spoofed ARP messagesPortKnockerThe best portknock client on Android! Now with configurable number of ports; support for TCP or UDP; and more!Nessus nables you to log into your Nessus scanners and start, stop and pause vulnerability scans as well as analyze the results directly from your Android device
35 Android AppsWifi Analyzer— Choose the best WiFI network NetAudit—TCP port scanner WiFi Key Recovery—recover the password of a wireless network you have connected to with your device in the past FaceNiff—Sniff and intercept web session profiles over the WiFi Network Discovery -- network tool-- discovering, mapping, scanning, profiling your Wifi network Computer/device discovery and port scanner for local area network. Net Scan--Network scanning and discovery along with port scanner. Find holes and security flaws in your network.
36 Android Apps Network Info II Device IP and hostname, both private and public.Current mobile Cell and any neighbours, signal strength, location info and typeIMSI/ IMEI (Used to identify a mobile device and Mobile sim card )Information about the current mobile provider (MCC+MNC, current connection, etc)The Android device unique IDFull WiFi connection (MAC, current SSID and BSSID, link speed, IP/Netmask, Gateway, DNS and DHCP servers, etc)Your current location according to Android No GPS neededInformation regarding Bluetooth status, the current Bluetooth connection(s)IPv6 device and router IP addresses for all device interfaces
37 Back Track5Make a USB bootable using Unetbootin
38 Back Track5Capturing Telnet Password with Wireshark Inside of Backtrack open terminal “airmon-ng start wlan0” Open wireshark
40 Hiding Files inside a photo Free File Camouflage A donation screen will appear, click on the skip donation button to launch the application.
41 SniffPass-Must Have Microsoft Network Monitor 3.x -Run SmartSniff if you want to capture general TCP data or SniffPass if you only want to capture passwords. -You Must Leave the “Switch to Monitor Mode” window OPEN ! When you close this window, the network card will exit from monitor mode and it'll return back to its normal state.
42 Maltego Hands onIt draws connections between entities like name, domain, addresses, etc., good for building a mind map of how things are related. You will have to register for API keys to get the most use out of it Allows you to discover and visualize relationships between atributes like Facebook or Twitter account names, addresss, phone numbers and other information. It’s the first step when trying to understand where people fit into the digital world, and with whom they are or have been associated.– Get it rigt now Let’s find someone you know like yourself …
43 Network Domain Info online RobTex A great site for doing reverse DNS look-ups on IPs, grabbing Whois contacts, and finding other general information about an IP or domain name ServerSniff ICMP & TCP traceroutes, SSL Info, DNS reports and Hostnames on a shared IP. It’s nice to have them do some of the recon for you Check if your address has been owned
44 More ToolsWSCC – Windows System Control Center My first pick isn't actually a Microsoft tool per se: Windows System Control Center is a one-stop downloader for almost 300 maintenance tools from Microsoft's Sysinternals and the ever-popular NirSoft suites: simply download WSCC from KLS-Soft, check all the tools you need and hit "Install
45 Please leave Feedback!!Please complete the session evaluation @:Workshop3HRHO WMEWireless and Mobile Attack