LPTv4 Module 27: Stolen Laptop, PDAs and Cell Phones Penetration Testing
ECSA/LPT
EC-Council Module XXVII
Stolen Laptops, PDAs, and Cell Phones Penetration Testing
Penetration Testing Roadmap
• Start Here
• Information Gathering
• Vulnerability Analysis
• External Penetration Testing
• Firewall Penetration Testing
• Router and Switches Penetration Testing
• Internal Network Penetration Testing
• IDS Penetration Testing
• Wireless Network Penetration Testing
• Denial of Service Penetration Testing
• Password Cracking Penetration Testing
• Stolen Laptop, PDAs and Cell Phones Penetration Testing
• Social Engineering Penetration Testing
• Application Penetration Testing
• Cont’d
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Penetration Testing Roadmap (cont’d)
• Cont’d
• Physical Security Penetration Testing
• Database Penetration Testing
• VoIP Penetration Testing
• Virus and Trojan Detection
• War Dialing
• VPN Penetration Testing
• Log Management Penetration Testing
• File Integrity Checking
• Bluetooth and Handheld Device Penetration Testing
• Telecommunication and Broadband Communication Penetration Testing
• Email Security Penetration Testing
• Security Patches Penetration Testing
• Data Leakage Penetration Testing
• End Here
Stolen Laptop Testing
Cell phones and PDAs carry sensitive data.
Executives and mobile workers depend on these devices every day.
The loss of a PDA or BlackBerry is equivalent to losing a laptop and the sensitive data inside.
Laptop Theft
If a laptop were lost...
• What information of a strategic nature would be disclosed? Real examples of this type of information include pending mergers, new product intellectual property, strategies and launch plans, and previously undisclosed financial operating results.
• What information of a tactical nature would be disclosed? Examples include private compensation information, plans for organizational changes, proposals to clients, and the myriad of similar information that can be gained from reading a person's email, calendar, contacts, or collection of documents and spreadsheets.
Laptop Theft (cont’d)
If a laptop were lost...
• What information about the company's network or computing infrastructure would be revealed that would facilitate an electronic attack? Examples of this type of information include usernames and passwords, dial-in numbers, IP addressing schemes, DNS naming conventions, ISPs used, primary mail servers, and other networking details related to connecting the laptop to the corporate or Internet environment.
• What personal information about the laptop owner can be obtained?
Penetration Testing Steps
1. Identify sensitive data in the devices
2. Look for passwords
3. Look for company infrastructure or finance documents
4. Extract the address book and phone numbers
5. Extract schedules and appointments
6. Extract applications installed on these devices
7. Extract e-mail messages from these devices
8. Gain access to server resources by using information you extracted
9. Attempt social engineering with the extracted information
Step 1: Identify Sensitive Data in the Devices
Laptops and PDAs contain sensitive information, such as:
• Company finance documents.
• Excel spreadsheets.
• Word documents.
• Email messages.
• Operations plan.
Look for sensitive data in these documents.
What if this device gets into the wrong hands?
Look for Personal Information in the Stolen Laptop
• Bank Account Number
• Internet Shopping Account
• Credit Card Details
• Check Tax Return
• PAN Card Details
• Passport Details
• Check Resume of the Host
• Check his Digital Signature
Step 2: Look for Passwords
Search for the following passwords:
• VNC password
• Email account passwords
• Active directory passwords
• Website history passwords
• Passwords stored in the registry
• FTP passwords
• SSH/Telnet passwords
• Application passwords
Step 3: Look for Company Infrastructure or Finance Documents
Sometimes the laptop might contain company infrastructure documents, such as:
• Building plans.
• Plan of operations.
• Overseas operations and procedures.
• Company handbooks or manuals.
• Contracts and agreements.
• NDA documents.
• Bank statements.
• Auditing information.
• Insurance documents.
What if this information gets into the wrong hands?
Step 4: Extract the Address Book and Phone Numbers
PDAs and laptops contain address books.
Look for the following data:
• Name.
• Address.
• Telephone number.
• Cell phone number.
• Fax number.
• Email address.
• Birthdate.
• Notes.
• Picture.
Step 5: Extract Schedules and Appointments
Look for schedules and appointment information in the PDA and laptop:
• What is the time and date of the meeting?
• Who are the attendees?
• What is the location of the meeting?
• What is the agenda for the meeting?
• Has the meeting been confirmed?
• How long is the meeting?
Step 6: Extract Applications Installed on these Devices
Applications can reveal sensitive data.
Look for data in the installed applications on the laptop device.
Example:
• Finance software such as Quicken and Microsoft Money can provide rich information
Step 7: Extract Email Messages from these Devices
Email messages can provide a lot of sensitive information.
Sometimes you might find passwords and access codes.
Scan the entire email content for information that could be used to gain access to the system.
Step 8: Gain Access to Server Resources by Using Information you Extracted
Gain access to network resources using information from the PDA and laptops.
Step 9: Attempt Social Engineering with the Extracted Information
The extracted information could be used for social engineering as well.
Check for BIOS Password
Check whether the BIOS password, boot password, or hard disk password is enabled.
Check whether the BIOS setting has the hard disk as a bootable device.
Check whether the user has a different username and password from the domain’s logon used on the laptop.
Look into the Encrypted File
Check whether any file does not show clear text; if so, it is encrypted.
Try to decrypt the file using cryptographic tools.
Gather information from that file.
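An added example, not part of the original module: a first-pass triage for the clear-text check above, using byte entropy and a printable-character ratio. The 7.5 bits/byte threshold, the 95% printable cut-off, the magic-number table and all sample inputs are assumptions constructed for illustration; compressed data also scores high, so the result is only a hint that a file may be encrypted.

```python
import gzip
import hashlib
import math
from collections import Counter

# Assumed magic numbers for common container formats that are compressed
# (high entropy) but not encrypted.
MAGIC = {b"PK\x03\x04": "zip/office", b"\x1f\x8b": "gzip", b"%PDF": "pdf"}

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 (constant) up to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def printable_ratio(data: bytes) -> float:
    """Share of bytes that are printable ASCII, tab, LF or CR."""
    if not data:
        return 0.0
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)

def classify(data: bytes) -> str:
    """Label a blob as known format, clear text, high entropy or other binary."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return f"known format ({name})"
    if printable_ratio(data) > 0.95:       # assumed cut-off
        return "clear text"
    if shannon_entropy(data) > 7.5:        # assumed threshold
        return "high entropy (encrypted or compressed)"
    return "binary, low entropy"

# Constructed samples; no real files are read.
TEXT = b"Quarterly operating results, draft for review.\n" * 40
# SHA-256 in counter mode stands in for ciphertext (deterministic, uniform-looking).
CIPHER_LIKE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
STRUCTURED = bytes(range(16)) * 256

if __name__ == "__main__":
    samples = {"text": TEXT, "cipher-like": CIPHER_LIKE,
               "gzip": gzip.compress(TEXT), "structured": STRUCTURED}
    for label, blob in samples.items():
        print(f"{label:12s} {shannon_entropy(blob):5.2f} bits/byte  {classify(blob)}")
```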
Check Cookies in Web Browsers
Check the following:
• Cookies
• History file
• Temp file
• Recycle bin
Check whether the above files contain any information.
Check whether any password file is available.
Install Software
Install software for changing the password:
• Try it for changing the existing password
Install data recovery software in the laptop:
• Use it to extract the data that has been deleted
Attempt to Enable Wireless
Switch on wireless or Bluetooth near the company campus
Scan for the LAN network of the company
Locate the LAN network and search SSID in the laptop
Check whether SSID is asking for password
Check password strength and try to break it by password cracking techniques
Enable wireless or Bluetooth to get connected with the network
Summary
All the information that is extracted from the steps mentioned is documented for analysis.
In the first step, the sensitive data in the device is identified, such as company finance documents, email messages, and Excel spreadsheets.
In the second step, we looked for passwords such as VNC and email account passwords.
Schedules and appointment details such as time, date, venue of the meetings, attendees of the meeting, and meeting confirmation are gathered.