Ernest Staats EDMODO -- WME393 Technology Director MS Information Assurance, CISSP, CEH, CWNA, Security+, MCSE, CNA, I-Net+, Network+, Server+, A+ [email protected] Resources available @ www.es-es.net/ 2.html
Mar 27, 2015
Ernest Staats EDMODO -- WME393 Technology Director
MS Information Assurance, CISSP, CEH, CWNA, Security+, MCSE, CNA, I-Net+, Network+, Server+, A+ [email protected]
Resources available @www.es-es.net/2.html
The Disclaimer!This workshop is intended to help you understand how
mobile software and hardware can be used to expose
security issues in your network
Have Permission in writing First!
This knowledge is intended to be used responsibly so we
can provide academic environments that are secure, safe
and accessible
So easy a Chimp can do this ….
Software demonstrated comes absolutely with NO WARRANTY. Use entirely at your own risk.
Don’t be a Chimp !!
Ernest is not responsible for any subsequent loss or damage whatsoever!
Portable Apps
ProduKey—view Windows and MS product keys
Wireless Key—View stored wireless keys
Only SCAN Devices you have permission to SCAN
SoftPerfect Network Scanner—Find network devices and DHCP servers
Firefox portable—XSS and SQL tools test my local server 10.37.x.x.
LANSearch—Finding files across a network (find the password file)
Portable Apps 2 MACaddressView—Why Mac filtering is not good security use 802.1x
Change your Mac Address (MacMakeUp (software folder))
mRemoteNG—This application acts a tabbed remote connection manager
CurrPorts—A network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local computer
WirelessNetView—Displays: SSID, Last Signal Quality, Average Signal Quality, Detection Counter, Authentication Algorithm, Cipher Algorithm, MAC Address, etc
Portable Apps 3 FirefoxDownloadsView—Download URL, Download Filename (with full path), Referrer, MIME Type, File Size, Start/End Time, Download Duration, and Average Download Speed
Recuva FileRestore—Recovers files deleted from your Windows computer, Recycle Bin, digital camera card, or MP3 player
Starter—View and manage all the programs that run automatically whenever your operating system loads
“doors” on the system where info is sent out from and received
When a server app is running on a port, it listens for packets
When there is nothing listening on a port, the port is closed
TCP/IP Stack• 65,536 TCP Ports
What is a Port?
Open – port has an application listening on it, and is accepting packets.
Closed – port is accessible by nmap, but no application is listening on it.
Filtered – nmap can’t figure out if the port is open or closed because the packets are being filtered. (firewall)
Unfiltered – Ports are accessible, but nmap can’t figure out if it is open/closed.
Port Status Types
Any port can be configured to run any service.• But major services stick to defaults
Popular TCP ports/services:• 80 – HTTP (web server)
• 23 – Telnet
• 443 – HTTPS (ssl-encrypted web servers)
• 21 – FTP
• 22 – SSH (shell access)
• 25 – SMTP (send email)
• 110 – POP3 (email retreival)ecure shell, replacement for Telnet)
Typical Ports to know
• 445 – Microsoft –DS (SMB communication w/ MS Windows Services
• 139 – NetBIOS-SSN (communication w/ MS Windows
services
– 143 – IMAP (email retreival)
– 53 – Domain (DNS)
– 3306 – MYSQL (database)
More Ports that you need to know
Nmap ("Network Mapper") is a great tool that we have in both the portable apps and in BT
Extremely powerful.
Simple use:Nmap –v –A
‘v’ for verbosity and ‘A’ for OS/version Detection
nmap
Scan one target or a range
Built-in profiles or make your own for personal ease.
Zenmap
Visual Map• Hop Distance
• Router Information
Group Hosts by Service
Zenmap
Using a quite traceroute
Here are some IPs open to be scanned. Be careful!• 66.110.218.68
• 66.110.220.87
• Hackerinstitute.net
• 66.110.218.106
• moodle.gcasda.org
Just in case• 192.168.2.254
• 192.168.2.240
Using Zenmap
Netsparker Community Edition
Register the Software use an email you can access to activate the software
For the target URL use: 10.37.___.___
Web Tools
Metadata ToolsFOCA (use compatibility mode if needed)
http://www.informatica64.com/DownloadFOCA/
Metagoofilhttp://www.edge-security.com/metagoofil.php
Will extract a list of disclosed PATHs in the metadata, with this information you can guess OS, network names, Shared resources, etc also extracts MAC address MAC address from Microsoft Office documents
EXIF Toolhttp://www.sno.phy.queensu.ca/~phil/exiftool/
EXIF Viewer Pluginhttps://addons.mozilla.org/en-US/firefox/addon/3905
Jeffrey's Exif Viewer http://regex.info/exif.cgi
Examples of file types that contain metadata
JPG EXIF (Exchangeable image file format)IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all.
MAC addresses, user names, edits, GPS info. It all depends on the file format.
User Names:Creators.Modifiers .Users in paths.
C:Documents and settings/ofmyfile/home/johnny
Operating systemsPrinters.Local and remotePaths
Local and remote.Network info.Shared Printers.Shared Folders.
ACLS.
What Information is in MetaData?
Internal Servers.NetBIOS Name.Domain Name.IP Address.Database structures.Table names.Colum names.
Device hardware info
Photo cameras.Private Info.Personal data.History of use.Software versions.
Search for documents in Google and Bing
Automatic file downloading capable of extracting Metadata, hidden info and lost data cluster information Analyzes the info to fingerprint the network http://www.informatica64.com/FOCA
Fingerprinting Organizations with Collected Archives FOCA
Foca free
Type a project Name then type the URL use: es-es.net
Extract Metadata, it will be displayed on the right hand side of the window
Metadata
– Target Enumeration - who to scan
– Host Discovery – online
– Reverse-DNS resolution – IP -> Host name
– Port Scanning – port opened/closed/filtered
– Version Detection – Version of service
– OS Detection – OS of server
– Traceroute – network routes
FOCA provides most of this list without you ever running a single scan
Phases of Scanning
August of 2010, Adam Savage, of “MythBusters,” took a photo of his vehicle using his smartphone. He then posted the photo to his Twitter account including the phrase “off to work”
Image contained metadata reveling the exact geographical location the photo
Savage revealed the exact location of his home, the vehicle he drives and the time he leaves for work
GEO Tagging GEO Tagging
Read the full story here: http://nyti.ms/917hRh
Cat Schwartz of TechTV and her blog
Go to
Jeffrey's Exif Viewer http://regex.info/exif.cgi
Photo 1photo.JPG
Where was the photo taken of the Police office was the photographer on the sidewalk or somewhere else what kind of device was used to take the photo
Second photo
_MG_5982_ES.jpg what is the ethnicity of the Girl in the photo?
device was used to take the photo
Meta Data Images Hands on
Disable the geotagging function
Most smartphones/Tablets & several cameras automatically display geographical information
It’s important that users make efforts to turn off geotagging
More Info http://es-es.net/2.html
Turn off GPS function on phonesTurn off GPS function on phones
Software• Jpg and PNG metadata striper http://www.steelbytes.com/?mid=30
• Hands-On • Copy image 1 and 2 used earlier down to local system use metadata
striper then compare the results @ http://regex.info/exif.cgi
• BatchPurifier LITE• http://www.digitalconfidence.com/downloads.html
• Doc Scrubber• http://www.javacoolsoftware.com/dsdownload.html
Websites• http://regex.info/exif.cgi • http://trial.3bview.com/3BTrial/pages/clean.jsp • Clean your documents: MSOffice 2k3 & XP
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=144e54ed-d43e-42ca-bc7b-5446d34e5360
Scrubbing Meta Data
Doc Scrubber—Remove metadata from Word Documents downloaded
Select ALL options, reset Author to ES and Company to ES, Click Next
Metadata tools
InSSIDer
– Inspect your Wi-Fi and surrounding networks
– Troubleshoot competing access points and clogged Wi-Fi channels
– Highlight access points for areas with high Wi-Fi concentration
– Track received signals in dBm over time
View the SSIDs in the top section and the live graph in the bottom section
Wireless Issues
Xirrus Wi-FI Inspector
-Searching for Wi-Fi networks
-Managing and troubleshooting Wi-FI connections
-Verifying Wi-FI coverage
-Locating Wi-FI devices
-Detecting rogue Aps
-Excellent Testing tools i.e. Connection Test, Speed Test, Quality Test
Wireless Issues
Cain and Able—Allows easy recovery of various kind of passwords
-Discover Active WIFI
-Dump locally stored passwords
-Dump WPA2 PSK
Wireless Issues
Last Pass
Logmein
SPiceworks
IRdesktop
Free Wifi
Inet
Citrix
Vsphere
WI-FI Finder
Netmon
Free Pint
NSLookup
NetSwissKnife
DropBox + BoxCryptor
Iphone / IPad Apps
All Devices -- Last Pass - Fing - Network Tools – Citrix - DropBox + BoxCryptor – Pocket Cloud
Iphone / IPad Apps for network and Security
Logmein
IRdesktop
Free Wifi
INetVsphere
WI-FI FinderNetmonFree Pint
NSLookupNetSwissKnife
Serial IO WiSnap WIFI Com Ports for Telnet to switches from Ipad to the Com port on devices
Common & Iphone / IPad Apps
Anti - Wi-fi-scanning tool for finding open networks and showing all potential target devices
Shark for Root - Traffic sniffer, works on 3G and WiFi
Android Apps
ConnectBot—secure shell client can manage simultaneous ssh connections• ArpSpoof
arpspoof is an open source tool for network auditing.It redirects packets on the local network by broadcasting spoofed ARP messages http://www.irongeek.com/i.php?page=security/arpspoof
PortKnocker
The best portknock client on Android! Now with configurable number of ports; support for TCP or UDP; and more!
Nessusnables you to log into your Nessus scanners and start, stop and pause vulnerability scans as well as analyze the results directly from your Android device
Android Apps
Wifi Analyzer— Choose the best WiFI network
NetAudit—TCP port scanner
WiFi Key Recovery—recover the password of a wireless network you have
connected to with your device in the past
FaceNiff—Sniff and intercept web session profiles over the WiFi
Network Discovery -- network tool-- discovering, mapping, scanning, profiling your Wifi network
Computer/device discovery and port scanner for local area network.
Net Scan--Network scanning and discovery along with port scanner. Find holes and security flaws in your network.
Android Apps
Android Apps
Device IP and hostname, both private and public.
Current mobile Cell and any neighbours, signal strength, location info and type
IMSI/ IMEI (Used to identify a mobile device and Mobile sim card )
Information about the current mobile provider (MCC+MNC, current connection, etc)
The Android device unique ID
Full WiFi connection (MAC, current SSID and BSSID, link speed, IP/Netmask, Gateway, DNS and DHCP servers, etc)
Your current location according to Android No GPS needed
Information regarding Bluetooth status, the current Bluetooth connection(s)
IPv6 device and router IP addresses for all device interfaces
Network Info II
Make a USB bootable using Unetbootin
Back Track5
Capturing Telnet Password with Wireshark
Inside of Backtrack open terminal
“airmon-ng start wlan0”
Open wireshark
Back Track5
Back Track5
Free File Camouflage
A donation screen will appear, click on the skip donation button to launch
the application.
Hiding Files inside a photo
-Must Have Microsoft Network Monitor 3.x
-Run SmartSniff if you want to capture general TCP data or SniffPass if you
only want to capture passwords.
-You Must Leave the “Switch to Monitor Mode” window OPEN !
When you close this window, the network card will exit from monitor mode
and it'll return back to its normal state.
SniffPass
It draws connections between entities like name, domain, email addresses, etc., good for building a mind map of how things are related. You will have to register for API keys to get the most use out of ithttp://www.paterva.com
Allows you to discover and visualize relationships between atributes like Facebook or Twitter account names, email addresss, phone numbers and other information. It’s the first step when trying to understand where people fit into the digital world, and with whom they are or have been associated.– Get it rigt now
Let’s find someone you know like yourself …
Maltego Hands on
RobTexA great site for doing reverse DNS look-ups on IPs, grabbing Whois contacts, and finding other general information about an IP or domain namehttp://www.robtex.com
ServerSniff ICMP & TCP traceroutes, SSL Info, DNS reports and Hostnames on a shared IP. It’s nice to have them do some of the recon for you
http://serversniff.net
Check if your email address has been owned
http://beta.serversniff.de/compromised.php
Network Domain Info online
WSCC – Windows System Control Center
My first pick isn't actually a Microsoft tool per se: Windows System Control Center is a one-stop downloader for almost 300 maintenance tools from Microsoft's Sysinternals and the ever-popular NirSoft suites: simply download WSCC from KLS-Soft, check all the tools you need and hit "Install
More Tools
Please complete the session evaluation @:
http://www.edmodo.com/fetcsurvey
Please leave Feedback!!
Workshop3HRHO WMEWireless and Mobile Attack