Ernest Staats, Technology Director
EDMODO: WME393 – Resources available @ www.es-es.net/2.html
MS Information Assurance, CISSP, CEH, CWNA, Security+, MCSE, CNA, i-Net+, Network+, Server+, A+
erstaats@gcasda.org
This workshop is intended to help you understand how mobile software and hardware can be used to expose security issues in your network
This knowledge is intended to be used responsibly so we can provide academic environments that are secure, safe and accessible
ProduKey — View Windows and MS product keys
Wireless Key — View stored wireless keys
Only SCAN devices you have permission to SCAN
SoftPerfect Network Scanner — Find network devices and DHCP servers
Firefox Portable — XSS and SQL tools; test against my local server 10.37.x.x.
LANSearch — Finding files across a network (find the password file)
MACaddressView — Why MAC filtering is not good security; use 802.1x
MacMakeUp (software folder) — Change your MAC address
mRemoteNG — This application acts as a tabbed remote connection manager
CurrPorts — A network monitoring tool that displays the list of all currently opened TCP/IP and UDP ports on your local computer
WirelessNetView — Displays: SSID, Last Signal Quality, Average Signal Quality, Detection Counter, Authentication Algorithm, Cipher Algorithm, MAC Address, etc.
FirefoxDownloadsView — Download URL, Download Filename (with full path), Referrer, MIME Type, File Size, Start/End Time, Download Duration, and Average Download Speed
Recuva FileRestore — Recovers files deleted from your Windows computer, Recycle Bin, digital camera card, or MP3 player
Starter — View and manage all the programs that run automatically whenever your operating system loads
Ports are the “doors” on the system through which information is sent out and received.
When a server application is running on a port, it listens for packets.
When nothing is listening on a port, the port is closed.
TCP/IP Stack
• 65,536 TCP Ports
Open – port has an application listening on it, and is accepting packets.
Closed – port is accessible by nmap, but no application is listening on it.
Filtered – nmap can’t figure out if the port is open or closed because the packets are being filtered. (firewall)
Unfiltered – Ports are accessible, but nmap can’t figure out if it is open/closed.
Any port can be configured to run any service.
• But major services stick to defaults
Popular TCP ports/services:
• 80 – HTTP (web server)
• 23 – Telnet
• 443 – HTTPS (ssl-encrypted web servers)
• 21 – FTP
• 22 – SSH (secure shell, replacement for Telnet)
• 25 – SMTP (send email)
• 110 – POP3 (email retrieval)
• 445 – Microsoft-DS (SMB communication w/ MS Windows services)
• 139 – NetBIOS-SSN (communication w/ MS Windows services)
• 143 – IMAP (email retrieval)
• 53 – Domain (DNS)
• 3306 – MySQL (database)
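As an added example (not from the workshop materials), this script classifies a TCP port into the open/closed/filtered states defined above using a plain connect() probe, and labels it with the default service from the port list. A throwaway loopback listener is included so the open and closed cases can be checked on your own machine without touching anyone else's host.

```python
import socket

# Default service names for the ports listed on this page.
DEFAULTS = {21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP", 53: "DNS", 80: "HTTP",
            110: "POP3", 139: "NetBIOS-SSN", 143: "IMAP", 443: "HTTPS",
            445: "Microsoft-DS", 3306: "MySQL"}

def port_state(host, port, timeout=1.0):
    """Classify one TCP port the way nmap's states are defined above:
    'open'     - the handshake completed, an application is listening;
    'closed'   - the host answered with a reset (connection refused), nothing listening;
    'filtered' - no answer before the timeout, typically a firewall dropping packets.
    A connect() probe cannot produce 'unfiltered'; that needs nmap's ACK scan."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    finally:
        s.close()

def describe(host, ports):
    """Map each port to (state, default service name) for a quick exposure check."""
    return {p: (port_state(host, p), DEFAULTS.get(p, "unknown")) for p in ports}

def start_listener(host="127.0.0.1", port=0):
    """Bind a listener on a free loopback port so the 'open' state can be shown locally.
    Returns the socket (close it to turn the port 'closed' again) and the port number."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, port))
    srv.listen(1)
    return srv, srv.getsockname()[1]

def free_port():
    """Pick a loopback port that currently has nothing listening on it."""
    srv, port = start_listener()
    srv.close()
    return port

if __name__ == "__main__":
    srv, p = start_listener()
    print(describe("127.0.0.1", [p, free_port()]))  # one open, one closed
    srv.close()
```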
Nmap ("Network Mapper") is a great tool that we have both in the portable apps and in BackTrack (BT).
Extremely powerful.
Simple use:
nmap -v -A <target>
‘-v’ for verbosity and ‘-A’ for OS/version detection
Scan one target or a range
Built-in profiles or make your own for personal ease.
Visual Map
• Hop Distance
• Router Information
Group Hosts by Service
Here are some IPs open to be scanned. Be careful!
Netsparker Community Edition
Register the software using an email address you can access, to activate it.
For the target URL use: 10.37.___.___
FOCA (use compatibility mode if needed) http://www.informatica64.com/DownloadFOCA/
Metagoofil http://www.edge-security.com/metagoofil.php
Will extract a list of disclosed PATHs from the metadata; with this information you can guess the OS, network names, shared resources, etc. It also extracts MAC addresses from Microsoft Office documents.
EXIF Tool http://www.sno.phy.queensu.ca/~phil/exiftool/
EXIF Viewer Plugin https://addons.mozilla.org/en-US/firefox/addon/3905
Jeffrey's Exif Viewer http://regex.info/exif.cgi
MAC addresses, user names, edits, GPS info. It all depends on the file format.
JPG
EXIF (Exchangeable image file format)
IPTC (International Press Telecommunications Council)
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all.
• User names: creators, modifiers, users in paths
– C:\Documents and settings\ofmyfile
– /home/johnny
• Internal servers: NetBIOS name, domain name, IP address
• Database structures: table names, column names
• Operating systems
• Printers: local and remote
• Paths
• Device hardware info: local and remote
• Network info: shared printers, shared folders
• Photo cameras
• Private info: personal data, history of use
• Software versions
• ACLs
Search for documents in Google and Bing.
Automatic file downloading, capable of extracting metadata, hidden info and lost-cluster data; analyzes the info to fingerprint the network. http://www.informatica64.com/FOCA
FOCA Free
Type a project name, then type the URL; use: es-es.net
Extract metadata; it will be displayed on the right-hand side of the window
– Target Enumeration - who to scan
– Host Discovery – online
– Reverse-DNS resolution – IP -> Host name
– Port Scanning – port opened/closed/filtered
– Version Detection – Version of service
– OS Detection – OS of server
– Traceroute – network routes
FOCA provides most of this list without you ever running a single scan
In August 2010, Adam Savage of “MythBusters” took a photo of his vehicle using his smartphone. He then posted the photo to his Twitter account with the phrase “off to work”.
The image contained metadata revealing the exact geographical location where the photo was taken.
Savage thereby revealed the exact location of his home, the vehicle he drives and the time he leaves for work.
Read the full story here: http://nyti.ms/917hRh
Go to Jeffrey's Exif Viewer http://regex.info/exif.cgi
Photo 1: photo.JPG
Where was the photo of the police office taken? Was the photographer on the sidewalk or somewhere else? What kind of device was used to take the photo?
Second photo: _MG_5982_ES.jpg
What is the ethnicity of the girl in the photo? What device was used to take the photo?
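The Savage story and the exercise above both turn on the GPS tags inside EXIF. As an added example (not part of the workshop), this parser reads the TIFF-structured EXIF block that sits after the "Exif\0\0" marker in a JPEG APP1 segment, follows IFD0 to the GPS IFD, and converts the degree/minute/second RATIONAL triples to decimal degrees. The EXIF block it runs on is constructed inline, not taken from a real photo.

```python
import struct

GPS_IFD_TAG = 0x8825                       # IFD0 entry that points to the GPS IFD
LAT_REF, LAT, LON_REF, LON = 0x1, 0x2, 0x3, 0x4   # GPS IFD tags

def build_sample_exif():
    """Constructed sample: little-endian TIFF/EXIF block. IFD0 holds only the GPS
    pointer; the GPS IFD holds the four location tags; RATIONALs sit at 80 and 104."""
    e = "<"
    hdr = b"II" + struct.pack(e + "HI", 42, 8)                                    # bytes 0-7
    ifd0 = (struct.pack(e + "H", 1) + struct.pack(e + "HHII", GPS_IFD_TAG, 4, 1, 26)
            + struct.pack(e + "I", 0))                                            # bytes 8-25
    gps = struct.pack(e + "H", 4)                                                 # bytes 26-79
    gps += struct.pack(e + "HHI", LAT_REF, 2, 2) + b"N\0\0\0"   # ASCII fits in the 4-byte field
    gps += struct.pack(e + "HHII", LAT, 5, 3, 80)               # 3 RATIONALs at offset 80
    gps += struct.pack(e + "HHI", LON_REF, 2, 2) + b"W\0\0\0"
    gps += struct.pack(e + "HHII", LON, 5, 3, 104)
    gps += struct.pack(e + "I", 0)
    lat = struct.pack(e + "6I", 37, 1, 46, 1, 3000, 100)    # 37 deg 46' 30.00"
    lon = struct.pack(e + "6I", 122, 1, 25, 1, 1200, 100)   # 122 deg 25' 12.00"
    return hdr + ifd0 + gps + lat + lon

def read_ifd(data, e, off):
    """Map tag -> (type, count, offset of the entry's 4-byte value/offset field)."""
    (n,) = struct.unpack_from(e + "H", data, off)
    out = {}
    for i in range(n):
        at = off + 2 + 12 * i
        tag, typ, count = struct.unpack_from(e + "HHI", data, at)
        out[tag] = (typ, count, at + 8)
    return out

def rationals(data, e, entry):
    typ, count, field = entry
    (off,) = struct.unpack_from(e + "I", data, field)   # RATIONALs never fit inline
    raw = struct.unpack_from(e + "%dI" % (2 * count), data, off)
    return [raw[i] / raw[i + 1] for i in range(0, 2 * count, 2)]

def exif_gps(data):
    """Return (latitude, longitude) in decimal degrees, or None if there is no GPS data."""
    e = "<" if data[:2] == b"II" else ">"
    magic, ifd0_off = struct.unpack_from(e + "HI", data, 2)
    if magic != 42:
        raise ValueError("not a TIFF/EXIF block")
    ifd0 = read_ifd(data, e, ifd0_off)
    if GPS_IFD_TAG not in ifd0:
        return None
    (gps_off,) = struct.unpack_from(e + "I", data, ifd0[GPS_IFD_TAG][2])
    gps = read_ifd(data, e, gps_off)
    if not all(t in gps for t in (LAT_REF, LAT, LON_REF, LON)):
        return None
    dms = lambda tag: sum(v / f for v, f in zip(rationals(data, e, gps[tag]), (1, 60, 3600)))
    ref = lambda tag: chr(data[gps[tag][2]])
    lat = dms(LAT) * (-1 if ref(LAT_REF) == "S" else 1)
    lon = dms(LON) * (-1 if ref(LON_REF) == "W" else 1)
    return round(lat, 6), round(lon, 6)
```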
Disable the geotagging function
Most smartphones/tablets and several cameras automatically record geographical information in photos.
It’s important that users make the effort to turn off geotagging.
More info: http://es-es.net/2.html
Software
• JPG and PNG metadata stripper http://www.steelbytes.com/?mid=30
• Hands-on
• Copy images 1 and 2 used earlier down to the local system, run the metadata stripper, then compare the results @ http://regex.info/exif.cgi
• BatchPurifier LITE
• http://www.digitalconfidence.com/downloads.html
• Doc Scrubber
• http://www.javacoolsoftware.com/dsdownload.html
Websites
• http://regex.info/exif.cgi
• http://trial.3bview.com/3BTrial/pages/clean.jsp
• Clean your documents: MS Office 2003 & XP http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=144e54ed-d43e-42ca-bc7b-5446d34e5360
Doc Scrubber — Remove metadata from downloaded Word documents
Select ALL options, reset Author to ES and Company to ES, click Next
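The hands-on step above strips metadata with a third-party tool and compares before and after. As an added example (not the workshop's tool), this function does the same job for JPEGs by walking the marker segments and dropping APP1–APP15 (EXIF, XMP, etc.) and COM segments while keeping APP0/JFIF and all image data; the input JPEG is a constructed marker skeleton, not a real photo.

```python
import struct

EOI, SOS = 0xD9, 0xDA
# Segments that carry metadata, not pixels: APP1 (EXIF/XMP) .. APP15, and COM.
# APP0 (JFIF) is kept because some decoders expect it.
STRIP = set(range(0xE1, 0xF0)) | {0xFE}

def strip_jpeg_metadata(data):
    """Return the JPEG with metadata segments removed and image data untouched."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    out = bytearray(b"\xff\xd8")
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected a marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker == EOI:
            out += data[pos:pos + 2]
            break
        (length,) = struct.unpack_from(">H", data, pos + 2)  # length counts its own 2 bytes
        if marker == SOS:
            # Entropy-coded scan data runs from here to EOI; copy it verbatim.
            out += data[pos:]
            break
        if marker not in STRIP:
            out += data[pos:pos + 2 + length]
        pos += 2 + length
    return bytes(out)

def build_sample_jpeg():
    """Constructed sample: SOI, APP0, APP1 (EXIF with a fake GPS note), COM, DQT,
    SOS + a few scan bytes, EOI. Valid marker structure, not a decodable picture."""
    def seg(marker, payload):
        return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload
    app0 = seg(0xE0, b"JFIF\0\x01\x02\0\0\x01\0\x01\0\0")
    app1 = seg(0xE1, b"Exif\0\0II*\0\x08\0\0\0GPS 37.775,-122.420 (constructed)")
    com = seg(0xFE, b"taken with my phone")
    dqt = seg(0xDB, b"\x00" + bytes(64))
    sos = seg(SOS, b"\x01\x01\x00\x00\x3f\x00")
    return b"\xff\xd8" + app0 + app1 + com + dqt + sos + b"\x12\x34\x56\x78" + b"\xff\xd9"

def has_exif(data):
    return b"Exif\0\0" in data
```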
InSSIDer
– Inspect your Wi-Fi and surrounding networks
– Troubleshoot competing access points and clogged Wi-Fi channels
– Highlight access points for areas with high Wi-Fi concentration
– Track received signals in dBm over time
View the SSIDs in the top section and the live graph in the bottom section
Xirrus Wi-Fi Inspector
– Searching for Wi-Fi networks
– Managing and troubleshooting Wi-Fi connections
– Verifying Wi-Fi coverage
– Locating Wi-Fi devices
– Detecting rogue APs
– Excellent testing tools, i.e. Connection Test, Speed Test, Quality Test
Cain & Abel — Allows easy recovery of various kinds of passwords
– Discover active Wi-Fi
– Dump locally stored passwords
– Dump WPA2 PSK
Apps for network and security
• LastPass
• LogMeIn
• iRdesktop
• Free Wifi
• iNet
• Citrix
• vSphere
• WI-FI Finder
• Netmon
• Free Pint
• NSLookup
• NetSwissKnife
• DropBox + BoxCryptor
All devices: LastPass – Fing – Network Tools – Citrix – DropBox + BoxCryptor – Pocket Cloud
iPhone / iPad apps for network and security
• LogMeIn
• iRdesktop
• Free Wifi
• iNet
• vSphere
• WI-FI Finder
• Netmon
• Free Pint
• NSLookup
• NetSwissKnife
• Serial IO WiSnap WIFI Com Ports — Telnet to switches from an iPad via the COM port on devices
Anti — Wi-Fi scanning tool for finding open networks and showing all potential target devices
Shark for Root — Traffic sniffer, works on 3G and WiFi
ConnectBot — Secure shell client that can manage simultaneous SSH connections
• ArpSpoof — arpspoof is an open source tool for network auditing. It redirects packets on the local network by broadcasting spoofed ARP messages http://www.irongeek.com/i.php?page=security/arpspoof
PortKnocker — The best port-knock client on Android! Now with a configurable number of ports, support for TCP or UDP, and more!
Nessus — Enables you to log into your Nessus scanners and start, stop and pause vulnerability scans, as well as analyze the results, directly from your Android device
Wifi Analyzer — Choose the best WiFi network
NetAudit — TCP port scanner
WiFi Key Recovery — Recover the password of a wireless network you have connected to with your device in the past
FaceNiff — Sniff and intercept web session profiles over the WiFi
Network Discovery — Network tool for discovering, mapping, scanning and profiling your WiFi network; computer/device discovery and port scanner for the local area network
Net Scan — Network scanning and discovery along with a port scanner; find holes and security flaws in your network
Network Info II
• Device IP and hostname, both private and public
• Full WiFi connection (MAC, current SSID and BSSID, link speed, IP/netmask, gateway, DNS and DHCP servers, etc.)
• Current mobile cell and any neighbours, signal strength, location info and type
• Your current location according to Android, no GPS needed
• IMSI/IMEI (used to identify a mobile device and mobile SIM card)
• Information regarding Bluetooth status and the current Bluetooth connection(s)
• Information about the current mobile provider (MCC+MNC, current connection, etc.)
• IPv6 device and router IP addresses for all device interfaces
• The Android device unique ID
Make a USB bootable using Unetbootin
Capturing a Telnet password with Wireshark
Inside BackTrack, open a terminal:
airmon-ng start wlan0
Open Wireshark
Free File Camouflage
A donation screen will appear; click on the skip-donation button to launch the application.
– Must have Microsoft Network Monitor 3.x
– Run SmartSniff if you want to capture general TCP data, or SniffPass if you only want to capture passwords.
– You must leave the “Switch to Monitor Mode” window OPEN!
When you close this window, the network card will exit monitor mode and return to its normal state.
Maltego — It draws connections between entities like names, domains, email addresses, etc., good for building a mind map of how things are related. You will have to register for API keys to get the most use out of it http://www.paterva.com
Allows you to discover and visualize relationships between attributes like Facebook or Twitter account names, email addresses, phone numbers and other information. It’s the first step when trying to understand where people fit into the digital world, and with whom they are or have been associated.
Get it right now
Let’s find someone you know, like yourself …
RobTex
A great site for doing reverse DNS look-ups on IPs, grabbing Whois contacts, and finding other general information about an IP or domain name http://www.robtex.com
ServerSniff
ICMP & TCP traceroutes, SSL info, DNS reports and hostnames on a shared IP. It’s nice to have them do some of the recon for you http://serversniff.net
Check if your email address has been owned http://beta.serversniff.de/compromised.php
WSCC – Windows System Control Center
My first pick isn't actually a Microsoft tool per se: Windows System Control
Center is a one-stop downloader for almost 300 maintenance tools from
Microsoft's Sysinternals and the ever-popular NirSoft suites: simply download WSCC from KLS-Soft, check all the tools you need and hit "Install