lptv4 module 27 stolen laptop, pdas and cell phones penetration testing_norestriction

ECSA/LPT EC-Council Module XXVII: Stolen Laptops, PDAs, and Cell Phones Penetration Testing

Upload: mahmoud-eladawi

Post on 08-Nov-2014


TRANSCRIPT

Page 1: LPTv4 Module 27 Stolen Laptop, PDAs and Cell Phones Penetration Testing_NoRestriction

ECSA/LPT

EC-Council Module XXVII

Stolen Laptops, PDAs, and Cell Phones Penetration Testing

Page 2: LPTv4 Module 27 Stolen Laptop, PDAs and Cell Phones Penetration Testing_NoRestriction

Penetration Testing Roadmap

Start Here

• Information Gathering
• Vulnerability Analysis
• External Penetration Testing
• Firewall Penetration Testing
• Router and Switches Penetration Testing
• Internal Network Penetration Testing
• IDS Penetration Testing
• Wireless Network Penetration Testing
• Denial of Service Penetration Testing
• Password Cracking Penetration Testing
• Stolen Laptop, PDAs and Cell Phones Penetration Testing
• Social Engineering Penetration Testing
• Application Penetration Testing

Cont’d

EC-Council

Copyright © by EC-Council

All Rights Reserved. Reproduction is Strictly Prohibited

Page 3: LPTv4 Module 27 Stolen Laptop, PDAs and Cell Phones Penetration Testing_NoRestriction

Penetration Testing Roadmap (cont’d)

Cont’d

• Physical Security Penetration Testing
• Database Penetration Testing
• VoIP Penetration Testing
• Virus and Trojan Detection
• War Dialing
• VPN Penetration Testing
• Log Management Penetration Testing
• File Integrity Checking
• Bluetooth and Handheld Device Penetration Testing
• Telecommunication and Broadband Communication Penetration Testing
• Email Security Penetration Testing
• Security Patches Penetration Testing
• Data Leakage Penetration Testing

End Here

Page 4: LPTv4 Module 27 Stolen Laptop, PDAs and Cell Phones Penetration Testing_NoRestriction

Stolen Laptop Testing

Cell phones and PDAs carry sensitive data.

Executives and mobile workers depend on these devices every day.

The loss of a PDA or BlackBerry is equivalent to losing a laptop and the sensitive data inside.

Page 5: LPTv4 Module 27 Stolen Laptop, PDAs and Cell Phones Penetration Testing_NoRestriction

Laptop Theft

If a laptop were lost...

• What information of a strategic nature would be disclosed? Real examples of this type of information include pending mergers, new product intellectual property, strategies and launch plans, and previously undisclosed financial operating results.

• What information of a tactical nature would be disclosed? Examples include private compensation information, plans for organizational changes, proposals to clients, and the myriad of similar information that can be gained from reading a person's email, calendar, contacts, or collection of documents and spreadsheets.

Page 6: LPTv4 Module 27 Stolen Laptop, PDAs and Cell Phones Penetration Testing_NoRestriction

Laptop Theft (cont’d)

If a laptop were lost...

• What information about the company's network or computing infrastructure would be revealed that would facilitate an electronic attack? Examples of this type of information include usernames and passwords, dial-in numbers, IP addressing schemes, DNS naming conventions, ISPs used, primary mail servers, and other networking details related to connecting the laptop to the corporate or Internet environment.

• What personal information about the laptop owner can be obtained?

Page 7: LPTv4 Module 27 Stolen Laptop, PDAs and Cell Phones Penetration Testing_NoRestriction

Penetration Testing Steps

1. Identify sensitive data in the devices
2. Look for passwords
3. Look for company infrastructure or finance documents
4. Extract the address book and phone numbers
5. Extract schedules and appointments
6. Extract applications installed on these devices
7. Extract e-mail messages from these devices
8. Gain access to server resources by using information you extracted
9. Attempt social engineering with the extracted information

Page 8: LPTv4 Module 27 Stolen Laptop, PDAs and Cell Phones Penetration Testing_NoRestriction

Step 1: Identify Sensitive Data in the Devices

Laptops and PDAs contain sensitive information, such as:

• Company finance documents.
• Excel spreadsheets.
• Word documents.
• Email messages.
• Operations plan.

Look for sensitive data in these documents.

What if this device gets into the wrong hands?

Page 9: LPTv4 Module 27 Stolen Laptop, PDAs and Cell Phones Penetration Testing_NoRestriction

Look for Personal Information in the Stolen Laptop

• Bank Account Number
• Internet Shopping Account
• Credit Card Details
• Check Tax Return
• PAN Card Details
• Passport Details
• Check Resume of the Host
• Check his Digital Signature

Page 10: LPTv4 Module 27 Stolen Laptop, PDAs and Cell Phones Penetration Testing_NoRestriction

Step 2: Look for Passwords

Search for the following passwords:

VNC password

Email account passwords

Active Directory passwords

Website history passwords

Passwords stored in the registry

FTP passwords

SSH/Telnet passwords

Application passwords

Page 11: LPTv4 Module 27 Stolen Laptop, PDAs and Cell Phones Penetration Testing_NoRestriction

Step 3: Look for Company Infrastructure or Finance Documents

Sometimes the laptop might contain company infrastructure documents, such as:

• Building plans.
• Plan of operations.
• Overseas operations and procedures.
• Company handbooks or manuals.
• Contracts and agreements.
• NDA documents.
• Bank statements.
• Auditing information.
• Insurance documents.

What if this information gets into the wrong hands?

Page 12: LPTv4 Module 27 Stolen Laptop, PDAs and Cell Phones Penetration Testing_NoRestriction

Step 4: Extract the Address Book and Phone Numbers

PDAs and laptops contain address books.

Look for the following data:

• Name.
• Address.
• Telephone number.
• Cell phone number.
• Fax number.
• Email address.
• Birthdate.
• Notes.
• Picture.

Page 13: LPTv4 Module 27 Stolen Laptop, PDAs and Cell Phones Penetration Testing_NoRestriction

Step 5: Extract Schedules and Appointments

Look for schedules and appointment information in the PDA and laptop:

• What is the time and date of the meeting?
• Who are the attendees?
• What is the location of the meeting?
• What is the agenda for the meeting?
• Has the meeting been confirmed?
• How long is the meeting?

Page 14: LPTv4 Module 27 Stolen Laptop, PDAs and Cell Phones Penetration Testing_NoRestriction

Step 6: Extract Applications Installed on these Devices

Applications can reveal sensitive data.

Look for data in the applications installed on the laptop device.

Example:

• Finance software such as Quicken and Microsoft Money can provide rich information.

Page 15: LPTv4 Module 27 Stolen Laptop, PDAs and Cell Phones Penetration Testing_NoRestriction

Step 7: Extract Email Messages from these Devices

Email messages can provide a lot of sensitive information.

Sometimes you might find passwords and access codes.

Scan the entire email content for information that could be used to gain access to the system.

Page 16: LPTv4 Module 27 Stolen Laptop, PDAs and Cell Phones Penetration Testing_NoRestriction

Step 8: Gain Access to Server Resources by Using Information you Extracted

Gain access to network resources using information from the PDA and laptops.

Page 17: LPTv4 Module 27 Stolen Laptop, PDAs and Cell Phones Penetration Testing_NoRestriction

Step 9: Attempt Social Engineering with the Extracted Information

The extracted information could be used for social engineering as well.

Page 18: LPTv4 Module 27 Stolen Laptop, PDAs and Cell Phones Penetration Testing_NoRestriction

Check for BIOS Password

Check whether the BIOS password, boot password, or hard disk password is enabled.

Check whether the BIOS setting has the hard disk as a bootable device.

Check whether the user has a different username and password from the domain’s logon used on the laptop.

Page 19: LPTv4 Module 27 Stolen Laptop, PDAs and Cell Phones Penetration Testing_NoRestriction

Look into the Encrypted File

Check whether any file does not provide clear text; if so, it is encrypted.

Try to decrypt the file using cryptographic tools.

Gather information from that file.
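An added example, not part of the EC-Council slides: the "no clear text" check above can be approximated with byte entropy. It also shows a caveat: compressed formats are just as unreadable without being encrypted, so known magic bytes are checked first. The threshold, function names and sample buffers are assumptions made for this example.

```python
import hashlib
import math
import zlib
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

# Magic bytes of common compressed containers: high entropy, but not encrypted.
COMPRESSED_MAGIC = {
    b"PK\x03\x04": "zip/docx/xlsx",
    b"\x1f\x8b": "gzip",
    b"\x78\x9c": "zlib",
    b"\xff\xd8\xff": "jpeg",
}

def classify(data: bytes, threshold: float = 7.5) -> str:
    """Label a buffer 'compressed (<kind>)', 'possibly encrypted' or 'plaintext-like'."""
    for magic, kind in COMPRESSED_MAGIC.items():
        if data.startswith(magic):
            return f"compressed ({kind})"
    if shannon_entropy(data) >= threshold:   # assumed cut-off, tune per data set
        return "possibly encrypted"
    return "plaintext-like"

# Constructed samples: readable text, and SHA-256 output standing in for ciphertext.
TEXT = b"Plan of operations and bank statements for the next quarter.\n" * 64
CIPHERTEXT_LIKE = b"".join(
    hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128)
)

if __name__ == "__main__":
    samples = [
        ("notes.txt", TEXT),
        ("blob.bin", CIPHERTEXT_LIKE),
        ("notes.z", zlib.compress(TEXT)),
    ]
    for name, buf in samples:
        print(f"{name}: {shannon_entropy(buf):.2f} bits/byte -> {classify(buf)}")
```

On the defensive side, the same check run over a sample of a disk image indicates whether full-disk encryption is actually in effect: an encrypted volume should show no plaintext-like regions.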

Page 20: LPTv4 Module 27 Stolen Laptop, PDAs and Cell Phones Penetration Testing_NoRestriction

Check Cookies in Web Browsers

Check the following:

• Cookies
• History file
• Temp file
• Recycle bin

Check whether the above files contain any information.

Check whether any password file is available.

Page 21: LPTv4 Module 27 Stolen Laptop, PDAs and Cell Phones Penetration Testing_NoRestriction

Install Software

Install software for changing the password:

• Try it for changing the existing password

Install data recovery software in the laptop:

• Use it to extract the data that has been deleted

Page 22: LPTv4 Module 27 Stolen Laptop, PDAs and Cell Phones Penetration Testing_NoRestriction

Attempt to Enable Wireless

Switch on wireless or Bluetooth near the company campus

Scan for the LAN network of the company

Locate the LAN network and search SSID in the laptop

Check whether SSID is asking for password

Check password strength and try to break it by password cracking techniques

Enable wireless or Bluetooth to get connected with the network

Page 23: LPTv4 Module 27 Stolen Laptop, PDAs and Cell Phones Penetration Testing_NoRestriction

Summary

All the information that is extracted in the steps mentioned is documented for analysis.

In the first step, the sensitive data in the device is identified, such as company finance documents, email messages, and Excel spreadsheets.

In the second step, we looked for passwords such as VNC and email account passwords.

Schedules and appointment details such as time, date, venue of the meetings, attendees of the meeting, and meeting confirmation are gathered.
