7/24/2019 LPTv4 Module 33 Wardialing
ECSA/LPT
Module 33: War Dialing
Penetration Testing Roadmap
[Roadmap figure. Penetration testing stages shown, from "Start Here": Information Gathering; Vulnerability Analysis; External; Router and Switches; Firewall; Network; IDS; Wireless Network; Denial of Service; Password Cracking; Stolen Laptop, PDAs and Cell Phones; Social Engineering; Application (contd)]
EC-Council
Copyright by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Penetration Testing Roadmap (contd)
[Roadmap figure, continued. Penetration testing stages shown: Physical Security; Database; VoIP; Virus and Trojan Detection; War Dialing; VPN; Log Management; File Integrity Checking; Bluetooth and Handheld Device; Telecommunication and Broadband; Email Security; Security Patches; Data Leakage; "End Here"]
War Dialing
War dialing involves the use of a program in conjunction with a modem-
continually dialing in.
It is the exploitation of an organization's telephone, dial, and private branch exchange (PBX) system to infiltrate the internal network in order to abuse computing resources.
Software programs used for war dialing are known as war dialers.
War Dialing Techniques
Basic Wardialing Sweep (BWS):
The program calls a range of phone numbers without human intervention and identifies a set of known carrier signals.
Multiple Wardialing Sweep (MWS):
In this technique, a Basic Wardialing Sweep (BWS) is conducted sequentially by using range and condition of configuration parameter.
It conducts a separate sweep for each device, such as a fax machine.
Attended Wardialing Sweep (AWS):
The dialed range of phone numbers is attended by a professional listener to detect irregular behavior and unknown devices.
Why Conduct a War Dialing
War dialing penetration testing is conducted to:
Check whether anyone from your organization has attached a modem to your network.
Check whether your authorized modems are vulnerable to break-in by a wardialer.
Check whether your modems reveal banners with their identity.
accessible by PSTN.
Check whether your modem provided by manufacturer holds a default password.
Check whether there is any unknown open access to a legacy system.
Check whether security audits across your organization is regularly
Check whether your network has security holes.
Pre-Requisites for War Dialing
Confirmation about the number to be dialed
Approval from the organization
Authorization from the telephone company
Notify all parties which may be affected
Agreement for date and timing
Exclude business critical systems
Software Selection for War Dialing
There are three general categories of software programs to perform war dialing:
Commercial:
Used for specific modem pools or remote access solutions
Homegrown:
These programs are compiled by network administrators and used to find out if they can get a phone number to pick up an incoming call
Hackerware:
These programs are generally used by hackers
Attackers may conceal call-back schemes in these programs, which can monitor and record the data flows
It may record unexpected outgoing email containing private information
Guidelines for Configuring
Check the country option, because different countries have different ringtones which may confuse the modem.
Select the proper detection level to detect voice, fax, carriers, tones, and voicemail.
Try to use hardware flow control.
Guidelines for Configuring Different
Check the Modem Command set and ensure that
commands.
Check your PBX or switch and check whether they have dialing features or not.
Keep the serial port at the proper speed.
Check the timeout option and allocate enough time per phone.
Recommendations for Establishing
Prepare a schedule for regular and routine wardialing
Establish the process to access and secure critical contacts
Prepare a remote access policy for employees
Provide training to employees for recognizing social engineering techniques
Interpreting War Dialing Results
Collect the data in a database
A phone number that is constantly busy may have a modem or other critical resource
Categorize the carriers
If war dialing detects any unauthorized device, then remove or shut off that device
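The interpretation steps above, applied to a small results table, as an added example that is not part of the original module. The row layout, result labels, inventory and the rule for what counts as an identity-revealing banner are assumptions, and all data is constructed.

```python
from collections import defaultdict

# Constructed sample data (555-01xx numbers are reserved for fictional use).
AUTHORIZED_MODEMS = {"555-0101", "555-0107"}  # hypothetical modem inventory
SWEEP_ROWS = [  # (number, sweep_no, result, banner)
    ("555-0101", 1, "CARRIER", "login:"),
    ("555-0101", 2, "CARRIER", "login:"),
    ("555-0103", 1, "BUSY", ""),
    ("555-0103", 2, "BUSY", ""),
    ("555-0105", 1, "CARRIER", "ACME HVAC controller v2 - enter PIN"),
    ("555-0105", 2, "BUSY", ""),
    ("555-0107", 1, "CARRIER", "Welcome to PAYROLL-SRV1"),
    ("555-0107", 2, "CARRIER", "Welcome to PAYROLL-SRV1"),
    ("555-0109", 1, "FAX", ""),
    ("555-0109", 2, "FAX", ""),
    ("555-0110", 1, "VOICE", ""),
    ("555-0110", 2, "NO_ANSWER", ""),
]
GENERIC_PROMPTS = {"", "login:", "username:", "password:"}  # assumption


def categorize(rows):
    """Group numbers by every line type observed across the sweeps."""
    groups = defaultdict(set)
    for number, _sweep, result, _banner in rows:
        groups[result].add(number)
    return {kind: sorted(numbers) for kind, numbers in groups.items()}


def interpret(rows, authorized):
    """Return {number: sorted findings} for the numbers that need action."""
    results, banners = defaultdict(list), defaultdict(set)
    for number, _sweep, result, banner in rows:
        results[number].append(result)
        banners[number].add(banner.strip().lower())
    findings = {}
    for number, seen in results.items():
        notes = set()
        if "CARRIER" in seen and number not in authorized:
            notes.add("unauthorized modem: remove or shut off")
        if all(result == "BUSY" for result in seen):
            notes.add("constantly busy: inspect line for a modem")
        if "CARRIER" in seen and banners[number] - GENERIC_PROMPTS:
            notes.add("banner reveals identity")
        if notes:
            findings[number] = sorted(notes)
    return findings
```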
War Dialing Tools
List of War Dialing Tools
A-Dial
Assault dialer
Autoscan
Bbeep
BlueDial
Carrier
CATCALL
Code Thief Deluxe
CyberPhreak
Demon Dialer
Dialer
Dialing Demon
Doo Tools
Fears Phreaker Tools
GunBelt
HyperTerm
LapLink
Mhunter
OkiPad
PCAnywhere
List of War Dialing Tools (contd)
PhoneSweep
PhoneTag
PhreakMaster
Procomm Plus
Professor Falkens Phreak Tools
Super Dial
SecureLogix
THC-scan
The Little Operator
ToneLoc
Ultra-Dial
VrACK
X-DialeR
Zhacker
PhoneSweep
PhoneSweep is a wardialing tool.
THC Scan
numbers.
ToneLoc
ToneLoc is a popular war dialing computer program for MS-DOS.
It dials numbers to look for some kind of tone.
Command line options for ToneLoc:
ToneLoc [DataFile] /M:[Mask] /R:[Range] /D:[ExRange] /X:[ExMask] /C:[Config] /S:[StartTime] /E:[EndTime] /H:[Hours] /T[-] /K[-]
It is used to:
Find PBXs.
Find loops or milliwatt test numbers.
Find dial-up long distance carriers.
Find any number that gives a constant tone, or something that your modem will recognize as one.
Finding carriers (other modems).
Hacking PBXs.
ModemScan
ModemScan is a GUI wardialer software program that utilizes Microsoft
Features:
ModemScan works with the hardware you already own and does not require the additional purchase of specific or specialized hardware
Randomly selects and dials phone numbers from the dial ranges list
sequential dialing
Runs multiple ModemScan copies with more than one phone line and modem on the same computer
Imports comma delimited text files containing phone numbers or ranges
Flexible phone number dialing
Utilizes Microsoft's Telephony settings for easy modem and location setup
War Dialing Countermeasures
SandTrap can detect war dialing attempts and notify the administrator
, ,message, pager, or via HTTP POST to a web server.
Conditions that can be configured to generate notification messages include:
Incoming caller ID.
Login attempt.
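A sketch of this kind of monitoring on the defender's own modem lines, as an added example: it is not SandTrap's code or configuration format. The event layout, thresholds, known-caller list and notification URL are assumptions, and the events are constructed.

```python
import json
from datetime import datetime, timedelta
from urllib.request import Request

# Constructed inbound modem-line events: (time, caller_id, dialed_line, event)
EVENTS = [
    ("2024-03-02 01:10:05", "555-0199", "555-0101", "CALL"),
    ("2024-03-02 01:10:40", "555-0199", "555-0102", "CALL"),
    ("2024-03-02 01:11:15", "555-0199", "555-0103", "CALL"),
    ("2024-03-02 01:11:50", "555-0199", "555-0104", "CALL"),
    ("2024-03-02 01:11:58", "555-0199", "555-0104", "LOGIN_ATTEMPT"),
    ("2024-03-02 09:30:00", "555-0150", "555-0101", "CALL"),
    ("2024-03-02 09:30:20", "555-0150", "555-0101", "LOGIN_ATTEMPT"),
]
KNOWN_CALLERS = {"555-0150"}    # assumption: approved remote-access users
WINDOW = timedelta(minutes=5)   # assumption: tuning values, not from the page
MIN_LINES = 3


def detect(events, known=KNOWN_CALLERS):
    """Alert on one caller ID sweeping several lines and on unknown logins."""
    alerts, history, alerted = [], {}, set()
    for ts, caller, line, kind in events:
        now = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if kind == "LOGIN_ATTEMPT" and caller not in known:
            alerts.append({"rule": "login_unknown_caller", "caller": caller,
                           "line": line, "time": ts})
        if kind != "CALL":
            continue
        recent = [(t, ln) for t, ln in history.get(caller, []) if now - t <= WINDOW]
        recent.append((now, line))
        history[caller] = recent
        lines = sorted({ln for _, ln in recent})
        if len(lines) >= MIN_LINES and caller not in alerted:
            alerted.add(caller)  # one sweep alert per caller ID
            alerts.append({"rule": "sweep", "caller": caller,
                           "lines": lines, "time": ts})
    return alerts


def build_notification(alert, url="https://siem.example.internal/wardial"):
    """Prepare (do not send) the HTTP POST; the URL is a placeholder."""
    body = json.dumps(alert).encode()
    return Request(url, data=body, method="POST",
                   headers={"Content-Type": "application/json"})
```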
Summary
War dialing involves the use of a program in conjunction with a modem to-
in.
The three different types of war dialing techniques are Basic Wardialing Sweep (BWS), Multiple Wardialing Sweep (MWS), and Attended Wardialing Sweep (AWS).
The three software categories to perform war dialing are commercial, homegrown, and hackerware.