LPTv4 Module 33 Wardialing
ECSA/LPT
EC-Council Module XXXIII
War Dialing
Penetration Testing Roadmap
Start Here
• Information Gathering
• Vulnerability Analysis
• External Penetration Testing
• Firewall Penetration Testing
• Router and Switches Penetration Testing
• Internal Network Penetration Testing
• IDS Penetration Testing
• Wireless Network Penetration Testing
• Denial of Service Penetration Testing
• Password Cracking Penetration Testing
• Stolen Laptop, PDAs and Cell Phones Penetration Testing
• Social Engineering Penetration Testing
• Application Penetration Testing
Cont’d
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Penetration Testing Roadmap (cont’d)
• Physical Security Penetration Testing
• Database Penetration Testing
• VoIP Penetration Testing
• Virus and Trojan Detection
• War Dialing
• VPN Penetration Testing
• Log Management Penetration Testing
• File Integrity Checking
• Bluetooth and Handheld Device Penetration Testing
• Telecommunication and Broadband Communication Penetration Testing
• Email Security Penetration Testing
• Security Patches Penetration Testing
• Data Leakage Penetration Testing
End Here
War Dialing
War dialing involves the use of a program in conjunction with a modem to penetrate the modem-based systems of an organization by continually dialing in.
It is the exploitation of an organization's telephone, dial, and private branch exchange (PBX) system to infiltrate the internal network in order to abuse computing resources.
Software programs used for war dialing are known as war dialers.
War Dialing Techniques
Basic Wardialing Sweep (BWS):
• The program calls a range of phone numbers without human intervention and identifies a set of known carrier signals.
Multiple Wardialing Sweep (MWS):
• In this technique, Basic Wardialing Sweeps (BWS) are conducted sequentially, using the range and the conditions of the configuration parameters.
• A separate sweep is conducted for each type of device, such as fax machines.
Attended Wardialing Sweep (AWS):
• The range of phone numbers is dialed with a professional listener in attendance to detect irregular behavior and unknown devices.
Why Conduct a War Dialing Pentest?
War dialing penetration testing is conducted to:
• Check whether anyone from your organization has attached a modem to your network.
• Check whether your authorized modems are vulnerable to break-in by a wardialer.
• Check whether your modems reveal banners with their identity.
• Check whether inventory devices, such as fax machines on your PBX, are accessible from the PSTN.
• Check whether a modem provided by the manufacturer still holds a default password.
• Check whether there is any unknown open access to a legacy system.
• Check whether security audits are regularly conducted across your organization.
• Check whether your network has security holes.
Pre-Requisites for War Dialing Penetration Testing
Confirmation of the numbers to be dialed
Approval from the organization
Authorization from the telephone company
Notify all parties that may be affected
Agreement on date and timing
Exclude business-critical systems
Software Selection for War Dialing
There are three general categories of software programs to perform war dialing:
Commercial:
• Used for specific modem pools or remote access solutions
Homegrown:
• These programs are compiled by network administrators and used to find out if they can get a phone number to pick up an incoming call
Hackerware:
• These programs are generally used by hackers
• Attackers may conceal call-back schemes in these programs, which can monitor and record the data flows
• It may record unexpected outgoing email containing private information
Guidelines for Configuring Different War Dialing Software
Check the country option, because different countries have different ringtones, which may confuse the modem.
If possible, turn on error control.
Select the proper detection level to detect voice, fax, carriers, tones, and voicemail.
Check the fax recognition; keep the fax modems in fax mode or data mode.
Try to use hardware flow control.
Guidelines for Configuring Different War Dialing Software (cont’d)
Check the modem command set and ensure that the modem accepts standard Hayes and AT commands.
Check your PBX or switch and check whether they have dialing features or not.
Keep the serial port at the proper speed.
Check the timeout option and allocate enough time per phone.
Recommendations for Establishing an Effective War Dialing Process
Prepare a schedule for regular and routine wardialing
Establish the process to access and secure critical contacts
Prepare a remote access policy for employees
Provide training to employees for recognizing social engineering techniques
Interpreting War Dialing Results
Collect the data in a database
A phone number that is constantly busy may have a modem or other critical resource
Categorize the carriers
If war dialing detects any unauthorized device, then remove or shut off that device
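One way to carry out these interpretation steps on collected sweep data, as an added example that is not part of the original module or of any tool it names. The record layout, result labels, phone numbers, inventory and the `org_keywords` parameter are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample rows (sweep number, phone number, result, banner text);
# this record layout is an assumption, not the output format of any tool.
RESULTS = [
    (1, "555-0100", "CARRIER", "Welcome to ACME Corp remote access"),
    (1, "555-0101", "VOICE", ""),
    (1, "555-0102", "BUSY", ""),
    (1, "555-0103", "FAX", ""),
    (1, "555-0104", "CARRIER", "login:"),
    (2, "555-0100", "CARRIER", "Welcome to ACME Corp remote access"),
    (2, "555-0102", "BUSY", ""),
    (2, "555-0103", "FAX", ""),
    (2, "555-0104", "CARRIER", "login:"),
    (3, "555-0102", "BUSY", ""),
    (3, "555-0104", "TIMEOUT", ""),
]

# Constructed inventory of approved lines and the device type approved on each.
AUTHORIZED = {"555-0100": "CARRIER", "555-0103": "FAX"}


def interpret(results, authorized, org_keywords=("acme",), min_sweeps=3):
    """Group results per number and return the findings the slide asks for."""
    outcomes = defaultdict(list)
    banners = {}
    for _sweep, number, result, banner in results:
        outcomes[number].append(result)
        if banner:
            banners[number] = banner.lower()

    report = {"unauthorized": [], "always_busy": [], "banner_reveals_identity": []}
    for number in sorted(outcomes):
        seen = outcomes[number]
        devices = {r for r in seen if r in ("CARRIER", "FAX")}
        # A device answered that is not the type approved for this line.
        if devices - {authorized.get(number)}:
            report["unauthorized"].append(number)
        # Busy on every sweep: may be a modem or other resource held in use.
        if len(seen) >= min_sweeps and set(seen) == {"BUSY"}:
            report["always_busy"].append(number)
        # Banner names the organization, so the modem reveals its identity.
        if any(k in banners.get(number, "") for k in org_keywords):
            report["banner_reveals_identity"].append(number)
    return report


if __name__ == "__main__":
    for finding, numbers in interpret(RESULTS, AUTHORIZED).items():
        print(f"{finding}: {', '.join(numbers) or 'none'}")
```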
War Dialing Tools
List of War Dialing Tools
A-Dial Dialer
Assault dialer
Autoscan
BASTap
Bbeep
BlueDial
Carrier
CATCALL
Code Thief Deluxe
CyberPhreak
Deluxe Fone-Code Hacker
Demon Dialer
Dialing Demon
Doo Tools
DTMF_d
Fear’s Phreaker Tools
GunBelt
HyperTerm
LapLink
Mhunter
OkiPad
PBX Scanner
PCAnywhere
List of War Dialing Tools (cont’d)
PhoneSweep
PhoneTag
PhreakMaster
Procomm Plus
Professor Falken’s Phreak Tools
Scavenger-Dialer
Super Dial
SecureLogix
THC-scan
The Little Operator
ToneLoc
Ultra-Dial
VrACK
WildDialer
X-DialeR
Zhacker
PhoneSweep
PhoneSweep is a wardialing tool.
THC Scan
It is a type of war dialer that scans a defined range of phone numbers.
ToneLoc
ToneLoc is a popular war dialing computer program for MS-DOS.
It dials numbers to look for some kind of tone.
Command line options for ToneLoc:
ToneLoc [DataFile] /M:[Mask] /R:[Range] /D:[ExRange] /X:[ExMask] /C:[Config] /S:[StartTime] /E:[EndTime] /H:[Hours] /T[-] /K[-]
It is used to:
• Find PBXs.
• Find loops or milliwatt test numbers.
• Find dial-up long distance carriers.
• Find any number that gives a constant tone, or something that your modem will recognize as one.
• Find carriers (other modems).
• Hack PBXs.
ModemScan
www.wardial.net
ModemScan is a GUI wardialer software program that utilizes Microsoft Windows Telephony.
Features:
• ModemScan works with the hardware you already own and does not require the additional purchase of specific or specialized hardware
• Randomly selects and dials phone numbers from the dial range’s list to prevent line termination from phone companies which detect sequential dialing
• Runs multiple ModemScan copies with more than one phone line and modem on the same computer
• Imports comma delimited text files containing phone numbers or ranges
• Flexible phone number dialing
• Utilizes Microsoft's Telephony settings for easy modem and location setup
War Dialing Countermeasures: SandTrap Tool
SandTrap can detect war dialing attempts and notify the administrator immediately upon being called, or upon being connected to, via an email message, pager, or HTTP POST to a web server.
Conditions that can be configured to generate notification messages include:
• Incoming caller ID.
• Login attempt.
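Caller-ID-based detection applied to PBX call records, as an added example that is not SandTrap's code or part of the original module. The record layout, phone numbers, extensions and thresholds are constructed assumptions; the check counts distinct extensions per caller, so it does not depend on the numbers being dialed in sequence.

```python
from collections import defaultdict, deque

# Constructed call records: (start time in epoch seconds, caller ID,
# dialed extension, duration in seconds). The layout is an assumption.
CALLS = [
    (1000, "555-9001", "4107", 22),
    (1090, "555-2000", "4100", 340),
    (1200, "555-9001", "4102", 18),
    (1420, "555-9001", "4119", 25),
    (1500, "555-3000", "4105", 15),
    (1650, "555-9001", "4105", 20),
    (1900, "555-9001", "4111", 24),
    (2000, "555-3000", "4106", 12),
    # Same number of targets as 555-9001, but spread over many hours.
    (10000, "555-7000", "4101", 20),
    (20000, "555-7000", "4102", 20),
    (30000, "555-7000", "4103", 20),
    (40000, "555-7000", "4104", 20),
    (50000, "555-7000", "4108", 20),
]


def detect_sweeps(calls, window=3600, min_targets=5, max_duration=60):
    """Map each suspect caller ID to the extensions it called.

    A caller is suspect when it places short calls to at least min_targets
    distinct extensions inside one sliding window of `window` seconds.
    Counting distinct targets, not consecutive ones, means the order in
    which the range was dialed does not matter.
    """
    recent = defaultdict(deque)   # caller -> (time, extension) inside window
    flagged = defaultdict(set)
    for start, caller, extension, duration in sorted(calls):
        if duration > max_duration:      # long calls are ordinary conversations
            continue
        window_calls = recent[caller]
        window_calls.append((start, extension))
        while start - window_calls[0][0] > window:
            window_calls.popleft()
        targets = {ext for _, ext in window_calls}
        if len(targets) >= min_targets:
            flagged[caller] |= targets
    return {caller: sorted(exts) for caller, exts in flagged.items()}


if __name__ == "__main__":
    for caller, exts in detect_sweeps(CALLS).items():
        print(f"possible war dialing from {caller}: {', '.join(exts)}")
```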
Summary
War dialing involves the use of a program in conjunction with a modem to penetrate the modem-based systems of an organization by continually dialing in.
The three different types of wardialing techniques are Basic Wardialing Sweep (BWS), Multiple Wardialing Sweep (MWS), and Attended Wardialing Sweep (AWS).
The three software categories to perform war dialing are commercial, homegrown, and hackerware.
THC Scan is a type of war dialer that scans a defined range of phone numbers.