
Ernest Staats EDMODO -- WME393 Technology Director MS Information Assurance, CISSP, CEH, CWNA, Security+, MCSE, CNA, I-Net+, Network+, Server+, A+


1 Ernest Staats EDMODO -- WME393 Technology Director MS Information Assurance, CISSP, CEH, CWNA, Security+, MCSE, CNA, I-Net+, Network+, Server+, A+ Resources

2 The Disclaimer! This workshop is intended to help you understand how mobile software and hardware can be used to expose security issues in your network. Have Permission in writing First! This knowledge is intended to be used responsibly so we can provide academic environments that are secure, safe and accessible.

3 So easy a Chimp can do this... Software demonstrated comes absolutely with NO WARRANTY. Use entirely at your own risk. Don't be a Chimp!! Ernest is not responsible for any subsequent loss or damage whatsoever!

4 Portable Apps. ProduKey: view Windows and MS product keys. WirelessKeyView: view stored wireless keys. Only SCAN devices you have permission to SCAN. SoftPerfect Network Scanner: find network devices and DHCP servers. Firefox Portable: XSS and SQL tools; test my local server x.x. LANSearch: finding files across a network (find the password file).

5 Portable Apps 2. MACAddressView: why MAC filtering is not good security; use 802.1x. Change your MAC address with MacMakeUp (software folder). mRemoteNG: this application acts as a tabbed remote connection manager. CurrPorts: network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local computer. WirelessNetView: displays SSID, Last Signal Quality, Average Signal Quality, Detection Counter, Authentication Algorithm, Cipher Algorithm, MAC Address, etc.

6 Portable Apps 3. FirefoxDownloadsView: Download URL, Download Filename (with full path), Referrer, MIME Type, File Size, Start/End Time, Download Duration, and Average Download Speed. Recuva File Restore: recovers files deleted from your Windows computer, Recycle Bin, digital camera card, or MP3 player. Starter: view and manage all the programs that run automatically whenever your operating system loads.

7 What is a Port? Doors on the system where info is sent out from and received. When a server app is running on a port, it listens for packets. When there is nothing listening on a port, the port is closed. TCP/IP stack: 65,536 TCP ports.

8 Port Status Types. Open – port has an application listening on it, and is accepting packets. Closed – port is accessible by nmap, but no application is listening on it. Filtered – nmap can't figure out if the port is open or closed because the packets are being filtered (firewall). Unfiltered – ports are accessible, but nmap can't figure out if it is open/closed.

9 Typical Ports to know. Any port can be configured to run any service, but major services stick to defaults. Popular TCP ports/services: 80 – HTTP (web server); 23 – Telnet; 443 – HTTPS (SSL-encrypted web servers); 21 – FTP; 22 – SSH (shell access; secure shell, replacement for Telnet); 25 – SMTP (send email); 110 – POP3 (email retrieval).

10 More Ports that you need to know. 445 – Microsoft-DS (SMB communication w/ MS Windows services); 139 – NetBIOS-SSN (communication w/ MS Windows services); 143 – IMAP (email retrieval); 53 – Domain (DNS); 3306 – MySQL (database).

11 nmap. Nmap ("Network Mapper") is a great tool that we have in both the portable apps and in BT. Extremely powerful. Simple use: nmap -v -A (-v for verbosity and -A for OS/version detection).

12 Zenmap. Scan one target or a range. Built-in profiles, or make your own for personal ease.

13 Zenmap, using a quick traceroute. Visual map. Hop distance. Router information. Group hosts by service.

14 Using Zenmap. Here are some IPs open to be scanned. Be careful! Just in case

15 Web Tools. Netsparker Community Edition: register the software; use an email you can access to activate the software. For the target URL use: ___.___

16 Metadata Tools. FOCA (use compatibility mode if needed). Metagoofil: will extract a list of disclosed paths in the metadata; with this information you can guess OS, network names, shared resources, etc.; also extracts MAC addresses from Microsoft Office documents. EXIF Tool. EXIF Viewer Plugin. Jeffrey's Exif Viewer.

17 Examples of file types that contain metadata. JPG: EXIF (Exchangeable image file format), IPTC (International Press Telecommunications Council). PDF, DOC, DOCX, EXE, XLS, XLSX, PNG. Too many to name them all. MAC addresses, user names, edits, GPS info. It all depends on the file format.

18 What Information is in MetaData? User names: creators, modifiers, users in paths (C:Documents and settings/ofmyfile /home/johnny). Operating systems. Printers: local and remote. Paths: local and remote. Network info: shared printers, shared folders, ACLs. Internal servers: NetBIOS name, domain name, IP address. Database structures: table names, column names. Device hardware info: photo cameras. Private info: personal data. History of use. Software versions.

19 FOCA (Fingerprinting Organizations with Collected Archives). Search for documents in Google and Bing. Automatic file downloading. Capable of extracting metadata, hidden info and lost data. Cluster information. Analyzes the info to fingerprint the network.

20 Metadata. FOCA Free: type a project name, then type the URL; use: Extract Metadata, it will be displayed on the right-hand side of the window.

21 Phases of Scanning: Target Enumeration (who to scan); Host Discovery (online); Reverse-DNS resolution (IP -> host name); Port Scanning (port opened/closed/filtered); Version Detection (version of service); OS Detection (OS of server); Traceroute (network routes). FOCA provides most of this list without you ever running a single scan.

22 GEO Tagging. In August of 2010, Adam Savage, of MythBusters, took a photo of his vehicle using his smartphone. He then posted the photo to his Twitter account including the phrase "off to work". The image contained metadata revealing the exact geographical location of the photo. Savage revealed the exact location of his home, the vehicle he drives and the time he leaves for work. Read the full story here:

23 Cat Schwartz of TechTV and her blog

24 Meta Data Images Hands on. Go to Jeffrey's Exif Viewer. Photo 1, photo.JPG: Where was the photo of the Police office taken? Was the photographer on the sidewalk or somewhere else? What kind of device was used to take the photo? Second photo, _MG_5982_ES.jpg: What is the ethnicity of the girl in the photo? What device was used to take the photo?

25 Turn off GPS function on phones. Disable the geotagging function. Most smartphones/tablets & several cameras automatically display geographical information. It's important that users make efforts to turn off geotagging.

26 Scrubbing Meta Data. Software: JPG and PNG metadata stripper; BatchPurifier LITE; Doc Scrubber. Websites: Clean your documents: MSOffice 2k3 & XP. Hands-On: copy image 1 and 2 used earlier down to local system, use metadata stripper, then compare the

27 Metadata tools. Doc Scrubber: remove metadata from Word documents downloaded. Select ALL options, reset Author to ES and Company to ES, click Next.

28 Wireless Issues. inSSIDer: – Inspect your Wi-Fi and surrounding networks – Troubleshoot competing access points and clogged Wi-Fi channels – Highlight access points for areas with high Wi-Fi concentration – Track received signals in dBm over time. View the SSIDs in the top section and the live graph in the bottom section.

29 Wireless Issues. Xirrus Wi-Fi Inspector: -Searching for Wi-Fi networks -Managing and troubleshooting Wi-Fi connections -Verifying Wi-Fi coverage -Locating Wi-Fi devices -Detecting rogue APs -Excellent testing tools, i.e. Connection Test, Speed Test, Quality Test

30 Wireless Issues. Cain and Abel: allows easy recovery of various kinds of passwords -Discover active Wi-Fi -Dump locally stored passwords -Dump WPA2 PSK

31 iPhone / iPad Apps: Last Pass Logmein Spiceworks IRdesktop Free Wifi Inet Citrix Vsphere WI-FI Finder Netmon Free Pint NSLookup NetSwissKnife DropBox + BoxCryptor

32 Common & iPhone / iPad Apps. All Devices -- Last Pass - Fing - Network Tools – Citrix - DropBox + BoxCryptor – Pocket Cloud. iPhone / iPad Apps for network and security: Logmein IRdesktop Free Wifi INet Vsphere WI-FI Finder Netmon Free Pint NSLookup NetSwissKnife. Serial IO WiSnap: WiFi COM ports for Telnet to switches from iPad to the COM port on devices.

33 Android Apps. Anti: Wi-Fi scanning tool for finding open networks and showing all potential target devices. Shark for Root: traffic sniffer, works on 3G and WiFi.

34 Android Apps. ConnectBot: secure shell client, can manage simultaneous SSH connections. ArpSpoof: arpspoof is an open source tool for network auditing. It redirects packets on the local network by broadcasting spoofed ARP messages. PortKnocker: The best portknock client on Android! Now with configurable number of ports; support for TCP or UDP; and more! Nessus: enables you to log into your Nessus scanners and start, stop and pause vulnerability scans as well as analyze the results directly from your Android device.

35 Android Apps. Wifi Analyzer: choose the best WiFi network. NetAudit: TCP port scanner. WiFi Key Recovery: recover the password of a wireless network you have connected to with your device in the past. FaceNiff: sniff and intercept web session profiles over the WiFi. Network Discovery: network tool for discovering, mapping, scanning, profiling your WiFi network; computer/device discovery and port scanner for local area network. Net Scan: network scanning and discovery along with port scanner. Find holes and security flaws in your network.

36 Network Info II. Device IP and hostname, both private and public. Current mobile cell and any neighbours, signal strength, location info and type. IMSI/IMEI (used to identify a mobile device and mobile SIM card). Information about the current mobile provider (MCC+MNC, current connection, etc). The Android device unique ID. Full WiFi connection (MAC, current SSID and BSSID, link speed, IP/Netmask, Gateway, DNS and DHCP servers, etc). Your current location according to Android; no GPS needed. Information regarding Bluetooth status, the current Bluetooth connection(s). IPv6 device and router IP addresses for all device interfaces.

37 BackTrack 5. Make a bootable USB using UNetbootin.

38 BackTrack 5: Capturing Telnet Password with Wireshark. Inside of BackTrack, open a terminal and run: airmon-ng start wlan0. Then open Wireshark.


40 Hiding Files inside a photo. Free File Camouflage: a donation screen will appear; click on the skip donation button to launch the application.

41 SniffPass. -Must have Microsoft Network Monitor 3.x -Run SmartSniff if you want to capture general TCP data or SniffPass if you only want to capture passwords. -You must leave the "Switch to Monitor Mode" window OPEN! When you close this window, the network card will exit from monitor mode and return to its normal state.

42 Maltego Hands on. It draws connections between entities like name, domain, addresses, etc.; good for building a mind map of how things are related. You will have to register for API keys to get the most use out of it. Allows you to discover and visualize relationships between attributes like Facebook or Twitter account names, addresses, phone numbers and other information. It's the first step when trying to understand where people fit into the digital world, and with whom they are or have been associated. Get it right now. Let's find someone you know, like yourself...

43 Network Domain Info online. RobTex: a great site for doing reverse DNS look-ups on IPs, grabbing Whois contacts, and finding other general information about an IP or domain name. ServerSniff: ICMP & TCP traceroutes, SSL info, DNS reports and hostnames on a shared IP. It's nice to have them do some of the recon for you. Check if your address has been owned.

44 More Tools. WSCC – Windows System Control Center. My first pick isn't actually a Microsoft tool per se: Windows System Control Center is a one-stop downloader for almost 300 maintenance tools from Microsoft's Sysinternals and the ever-popular NirSoft suites: simply download WSCC from KLS-Soft, check all the tools you need and hit "Install".

45 Please complete the session Please leave Feedback!! Workshop3HRHO WME Wireless and Mobile Attack
