ECSA/LPT
EC-Council
Module XXXVII
Bluetooth and Hand Held Device Penetration Testing

EC-Council Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Penetration Testing Roadmap
[Roadmap diagram. Start Here: Information Gathering; Vulnerability Analysis; External Penetration Testing; Firewall Penetration Testing; Router and Switches Penetration Testing; Internal Network Penetration Testing; IDS Penetration Testing; Wireless Network Penetration Testing; Denial of Service Penetration Testing; Password Cracking Penetration Testing; Stolen Laptop, PDAs and Cell Phones Penetration Testing; Social Engineering Penetration Testing; Application Penetration Testing]

Penetration Testing Roadmap (cont'd)
[Roadmap diagram, continued: Physical Security Penetration Testing; Database Penetration Testing; VoIP Penetration Testing; Virus and Trojan Detection; War Dialing; VPN Penetration Testing; Log Management Penetration Testing; File Integrity Checking; Bluetooth and Hand Held Device Penetration Testing; Telecommunication and Broadband Communication Penetration Testing; Email Security Penetration Testing; Security Patches Penetration Testing; Data Leakage Penetration Testing; End Here]

iPhone

Jailbreaking in an iPhone
Jailbreaking is the process to unlock the iPhone and iPod touch devices to permit the installation of third-party applications.

Steps for iPhone Penetration Testing
1. Try to jailbreak the iPhone
2. Try to unlock the iPhone
3. Try to activate the voicemail button on your unlocked iPhone
4. Try to hack iPhone using Metasploit
5. Check for access point with same name and encryption type
6. Check whether malformed data can be sent to the device
7. Check whether basic memory mapping information can be extracted

Step 1: Try to Jailbreak the iPhone
Jailbreak the iPhone using different jailbreaking tools such as iDemocracy, iActivator, and iFuntastic.

Jailbreaking Using iFuntastic
Download the iPhone hacking kit, and install iFuntastic in your applications folder.
After installing, perform the following steps:
• Reboot your Mac safely, so that iFuntastic does not crash during this process
• Switch on your iPhone and then connect it to your Mac by using the appropriate cable
• As the iPhone is connected to the Mac, the iTunes application is launched; close the application
• Now launch iFuntastic
• Press the Prepare button present on the left side of the iFuntastic window
• Click the Jailbreak button present at the bottom of the window
• Follow the six steps on the next page of the window
You will see the screenshot as given in the next slide.

Jailbreaking Using iFuntastic
[Screenshot slide]

Jailbreaking Using AppSnapp
• Go to http://www.jailbreakme.com on your iPhone or iPod Touch to automatically jailbreak and put Installer.app on the device
• At the bottom of the page, click the Install AppSnapp button, then you will see the “Slide to Unlock” screen
• After unlocking the device, you will find the “Installer” icon on your screen; click the “Installer” icon, then click “Sources”, and install the “Community Sources” package
• Under the “System” tab, install the BSD subsystem and OpenSSH
Now your iPhone is ready to receive and use the third-party binaries

[...]

... Server and BlackBerry Router, resulting in a DoS attack
A boundary error exists in the attachment service while handling a malformed Microsoft Word (.doc) file:
• This vulnerability results in a buffer overflow, and arbitrary code is executed on the BlackBerry attachment service

Steps for Penetration Testing ...

... register values and basic memory mapping information

BlackBerry

Vulnerabilities in BlackBerry
A boundary error exists in the attachment service while handling malformed TIFF image attachments
While handling the Server...

... their device
Try different password cracking tools such as Brutus and Hydra to crack the password for the device

Step 2: Try for ActiveSync Attacks
ActiveSync allows the user to attempt an unlimited number of passwords in its prompt
Perform brute-force and dictionary...

Step 6: Check Whether Malformed Data Can be Sent to the Device
Perform this attack on an iPhone with the MobileSafari browser:
• Extract the binaries from the device by jailbreaking
• Analyze the binaries by using a disassembler such as diStorm64
• Perform the source code audit
• Send the malformed data to the device to cause a fault and make it crash

... Brutus and Cain & Abel to access an ActiveSync password

Step 3: Check Whether the IR Port Is Enabled
An infrared port is used to synchronize the PDA or to share information from one device to another
Check whether the infrared port for PDA devices is enabled or not
If enabled, try to accept the commands...

... computer
• ActiveSync is connected to a desktop PC through its cradle and it requires a password to be entered
• After accessing the password, an attacker can steal private information or unleash the malicious code

Steps for Penetration Testing
• Check whether passwords can be cracked...

Step 5: Check for Access Point with Same Name and Encryption Type
iPhone identifies the access points by SSID
If the user gets an attacker-controlled access point with the same name and encryption type, the iPhone will automatically use the malicious access point
This adds the exploit to web page browser, and replaces it with a page containing the exploit

... it creates a covert channel between the attacker and the hosts of an unsecured enterprise network

Step 2: Try to Attack by Sending Malformed TIFF Image Files
There is a heap overflow vulnerability in the BlackBerry attachment service when handling TIFF image files
Send the malformed... ’ BlackBerry device
Once the user opens the attached TIFF file, it causes a DoS attack

Personal Digital Assistant (PDA)

PDA Attacks
ActiveSync attacks:
• ActiveSync synchronizes Windows-based PDAs and Smartphones with...

... to a "jailbroken" iPhone and launched from the Springboard’s interface

Unlocking your iPhone using AnySIM
Jailbreak your iPhone with iActivator or iNdependence
Set it up to install third-party applications
Use the following steps to put AnySIM on it:
1. Download AnySIM 1.1 and extract it
2. Move the ...