pwn phone2014 jrs


Post on 16-Jul-2015






Pwn Phone 2014: Pen-testing From Your Pocket


Paul Asadoorian, John Strand

Sponsor: Pwnie Express

http://securityweekly.com Copyright 2014

Brought to you by: http://www.securityweekly.com

You Got Problems

Problem #1
You left behind a device inside a client network and were unable to retrieve it because 1) someone stole it or 2) it was discovered by an employee and taken offline

The above devices can look out of place randomly installed in the client network

Problem #2
On-site at a customer, you want to look inconspicuous when performing a penetration test

Problem #3
You take A LOT of gear on a pen test (and it's never the RIGHT gear)

Problem #4
You send pen testers into the field with a smartphone AND tons of gear, then:
"I bricked my phone trying to jailbreak it"
"I am out of battery on my phone because I was running wireless tools"
"I can't call you right now, I'm doing a wireless assessment"
"I accidentally Tweeted the pics of the datacenter"
"I need SIMs with data plans, one for me and one for hacking"

Enter the PwnPhone
LG Nexus 5 For Penetration Testers

Impressive Specs

Comes With Accessories

I added even more stuff

Bluetooth Sniffing
I did most of this while driving in my pre-mid-life crisis car (2010 Mini Cooper S R56, racing stripes, custom wheels/tires, intake, exhaust, sprint booster)

Cars
Cars:
CAR KIT
BMW26610
General Motors
Kia Motors
*MEDTECH-TB-110

Computers
Bill HP Computer
Captain Crunch's Computer
johnnymo

Captain Crunch!

Phones
DROID RAZR M
BlackBerry 9930
MetroPCS 768TSGH-T379
Sparq II
P7040P

Radar Detectors
iRADAR 105

GPS Navigation
nuvi #3873374252
nuvi 2x5 #38133171

Roku
Roku Player

Medtech TB110?
,+Inc.+and+Red-M+Join+Forces+to+Provide...-a078387514

Why-ah-Less

Lots of Why-Ah-Less
"DIRECT-roku-584"SheratonVistanaVillagesAdventurousFlamingo-guestAmtrakConnectApplebeesAtlanticBeachHotelBakersDozenBeaconBestBuyBestBuyConnect-FreeWifiBlueFlamingo-guestBronzeBear-guestBronzeOak-guestBrownHorse-guestCARWASH2012Carwash2012CharterCARE-PublicDeliGuestDennys_WirelessDisney-GuestFUCKYOUFalmouthToyota_PublicGendronsHP-Print-2A-OfficejetHP-Print-7D-DeskjetHP-Print-D9-PhotosmartHealthtraxHolidayHoltFuneralJadeMonkey-guestKFCLeosPizzaLowes-Guest-WiFiMISSCRANSTONIIMacysfreewifiNiceFlamingo-guestPANERAPenskePlayFiDevice0013C7QualityQualityInnWAP1QualityInnWAP2SUBWAY-guestSmallDeer-guestSmokeySouthCountyTrailStop&Go-guestSydgie-guestTacoTarboxTarboxHyundaiFreeWirelessTargetTreehouseUniversalAutoWarwickPublicLibraryWarwickshopWendy's

Wireless Attacks
EvilAP - Intercept probe requests
SSLStrip - Grab SSL communications
Wifite - Crack WEP and WPA encrypted networks
Ettercap - Targeted attacks

Use on a penetration test

Ladies?

The hard thing
Is not getting in
It is retrieving what you left behind
Many times we will not even try to recover our devices
Simply have the customer contact recover them for us
This goes just about as well as you would expect
We still have gear from assessments two years ago not returned
So, we tend to use crap

Coffee is important

And so it goes with the sacrificial Dell

We have used plugs in the past

Is this dirty? Because it seems dirty.

I left my phone
This happens all the time to people
It is so easy to simply call it... like 30 times. Then try to retrieve it
They will happily give you the device back

It supports my favorite Android apps

The camera is pretty good too

Conclusion
A forgotten phone will be seen as just that, without you getting caught (risky!)
Be completely inconspicuous when performing on-site testing and social engineering
Bring a large set of tools, and replace the endless amount of devices, on a penetration test
Save money by providing your pen testers with one platform for both a smartphone and pen testing device

For Slides Join Our Mailing List:


Contact Me: paul@securityweekly.com