Pwn Phone 2014: Pen-testing From Your Pocket
Paul Asadoorian
John Strand
Sponsor: Pwnie Express
Brought to you by:
http://www.pwnieexpress.com
http://www.securityweekly.com
You Got Problems…
Problem #1
You left behind a device inside a client network and were unable to retrieve it because 1) someone stole it or 2) it was discovered by an employee and taken offline
The above devices can look out of place randomly installed in the client network…
Problem #2
On-site at a customer, you want to look inconspicuous when performing a penetration test
Problem #3
You take A LOT of gear on a pen test (and it's never the RIGHT gear)
Problem #4
You send pen testers into the field with a smartphone AND tons of gear, then:
“I bricked my phone trying to jailbreak it”
“I am out of battery on my phone because I was running wireless tools”
“I can’t call you right now, I’m doing a wireless assessment”
“I accidentally Tweeted the pics of the datacenter”
“I need SIMS with data plans, one for me and one for hacking”
Enter the PwnPhone
LG Nexus 5 For Penetration Testers
Impressive Specs
Comes With Accessories
I added even more stuff…
Bluetooth Sniffing
I did most of this while driving in my pre-mid-life crisis car (2010 Mini Cooper S R56, racing stripes, custom wheels/tires, intake, exhaust, sprint booster)
Cars
CAR KIT
BMW26610
General Motors
Kia Motors
*MEDTECH-TB-110
Computers
Bill HP Computer
Captain Crunch’s Computer
johnnymo
Captain Crunch!
Phones
DROID RAZR M
BlackBerry 9930
MetroPCS 768T
SGH-T379
Sparq II
P7040P
Radar Detectors
iRADAR 105
GPS Navigation
nuvi #3873374252
nuvi 2x5 #38133171
Roku
Roku Player
Medtech TB110?
http://www.thefreelibrary.com/Colorado+MEDtech,+Inc.+and+Red-M+Join+Forces+to+Provide...-a078387514
Why-ah-Less
Lots of Why-Ah-Less
"DIRECT-roku-584"
SheratonVistanaVillages
AdventurousFlamingo-guest
AmtrakConnect
Applebees
AtlanticBeachHotel
BakersDozen
Beacon
BestBuy
BestBuyConnect-FreeWifi
BlueFlamingo-guest
BronzeBear-guest
BronzeOak-guest
BrownHorse-guest
CARWASH2012
Carwash2012
CharterCARE-Public
DeliGuest
Dennys_Wireless
Disney-Guest
FUCKYOU
FalmouthToyota_Public
Gendrons
HP-Print-2A-Officejet
HP-Print-7D-Deskjet
HP-Print-D9-Photosmart
Healthtrax
Holiday
HoltFuneral
JadeMonkey-guest
KFC
LeosPizza
Lowes-Guest-WiFi
MISSCRANSTONII
Macysfreewifi
NiceFlamingo-guest
PANERA
Penske
PlayFiDevice0013C7
Quality
QualityInnWAP1
QualityInnWAP2
SUBWAY-guest
SmallDeer-guest
Smokey
SouthCountyTrail
Stop&Go-guest
Sydgie-guest
Taco
Tarbox
TarboxHyundaiFreeWireless
Target
Treehouse
UniversalAuto
WarwickPublicLibrary
Warwickshop
Wendy's
http://securityweekly.com Copyright 2014
Wireless Attacks
• EvilAP - Intercept probe requests
• SSLStrip - Grab SSL communications
• Wifite - Crack WEP and WPA encrypted networks
• Ettercap - Targeted attacks
Use on a penetration test
Ladies?
The hard thing
• Is not getting in…
• It is retrieving what you left behind
• Many times we will not even try to recover our devices
• Simply have the customer contact recover them for us
• This goes just about as well as you would expect
• We still have gear from assessments two years ago not returned
• So, we tend to use crap
Coffee is important
And so it goes with the sacrificial Dell
We have used plugs in the past
Is this dirty? Because it seems dirty.
I left my phone
• This happens all the time to people
• It is so easy to simply call it… Like 30 times. Then try to retrieve it
• They will happily give you the device back
It supports my favorite Android apps
Conclusion
• A forgotten phone will be seen as just that, without you getting caught (risky!)
• Be completely inconspicuous when performing on-site testing and social engineering
• Bring a large set of tools, and replace the endless amount of devices, on a penetration test
• Save money by providing your pen testers with one platform for both a smartphone and pen testing device
For Slides Join Our Mailing List: http://securityweekly.com/insider
Podcasts/Blogs/Videos: http://securityweekly.com
http://www.blackhillsinfosec.com