ECSA/LPT
War Dialing
Penetration Testing Roadmap
• Start Here
• Firewall Penetration Testing
• Router and Switches Penetration Testing
• Internal Network Penetration Testing
• IDS Penetration Testing
• Wireless Network Penetration Testing
• Denial of Service Penetration Testing
• Password Cracking Penetration Testing
• Stolen Laptop, PDAs and Cell Phones Penetration Testing
• Social Engineering Penetration Testing
• Application Penetration Testing
Penetration Testing Roadmap (cont’d)
• War Dialing
• VPN Penetration Testing
• Log Management Penetration Testing
• File Integrity Checking
• Bluetooth and Handheld Device Penetration Testing
• Telecommunication and Broadband Communication
• Email Security Penetration Testing
• Security Patches Penetration Testing
War Dialing
War dialing involves the use of a program in conjunction with a modem
to penetrate the modem-based systems of an organization by
continually dialing in.
It is the exploitation of an organization's telephone, dial, and private
branch exchange (PBX) system to infiltrate the internal network in
order to abuse computing resources.
Software programs used for war dialing are known as war dialers.
War Dialing Techniques
Basic Wardialing Sweep (BWS):
• The program calls a range of phone numbers without human intervention and identifies a set of known carrier signals
Multiple Wardialing Sweep (MWS):
• In this technique, a Basic Wardialing Sweep (BWS) is conducted sequentially, using the range and conditions set by the configuration parameters
• It conducts a separate sweep for each type of device, such as fax machines
Attended Wardialing Sweep (AWS):
• The dialed range of phone numbers is attended by a professional listener, who detects irregular behavior and unknown devices
Why Conduct War Dialing
• Check whether your modems reveal banners with their identity
• Check whether inventory devices like fax machines on your PBX are accessible by PSTN
• Check whether a modem provided by the manufacturer still holds a default password
Pre-Requisites for War Dialing Penetration Testing
• Confirmation about the number to be dialed
• Approval from the organization
• Authorization from the telephone company
• Notify all parties which may be affected
• Agreement for date and timing
• Exclude business critical systems
Software Selection for War Dialing
• These programs are compiled by network administrators and used to find out if they can get a phone number to pick up an incoming call
Hackerware:
• These programs are generally used by hackers
• Attackers may conceal call-back schemes in these programs, which can monitor and record the data flows
• It may record unexpected outgoing email containing private information
Guidelines for Configuring Different War Dialing Software
• Check the country option, because different countries have different ringtones which may confuse the modem
• If possible, turn on the Error control
• Select the proper detection level to detect voice, fax, carriers, tones, and voicemail
• Check the fax recognition, keep the fax modems to fax-mode or data-mode
• Try to use hardware flow control
Guidelines for Configuring Different War Dialing Software (cont’d)
• Check the modem command set and ensure that the modem accepts standard Hayes and AT commands.
• Check your PBX or switch and check whether they have dialing features or not.
• Keep the serial port at the proper speed.
• Check the timeout option and allocate enough time per phone.
Recommendations for Establishing an Effective War Dialing Process
• Prepare a schedule for regular and routine wardialing
• Establish the process to access and secure critical contacts
• Prepare a remote access policy for employees
• Provide training to employees for recognizing social engineering techniques
Interpreting War Dialing Results
• Collect the data in a database
• A phone number that is constantly busy may have a modem or other critical resource
• Categorize the carriers
• If war dialing detects any unauthorized device, then remove or shut off that device
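One way to work through these steps on a finished, authorized sweep, as an added example that is not part of the original slides. The result layout, the inventory of approved lines and the sample phone numbers are constructed assumptions, not the export format of any tool named here.

```python
import sqlite3

# Constructed sample results: (number, result, banner, busy_count, attempts).
# This layout is an assumption, not the export format of any particular tool.
SWEEP = [
    ("555-0100", "VOICE", "", 0, 3),
    ("555-0101", "CARRIER", "Login:", 0, 3),
    ("555-0102", "FAX", "", 0, 3),
    ("555-0103", "BUSY", "", 3, 3),
    ("555-0104", "CARRIER", "ACME RAS v2 - support", 0, 3),
]
AUTHORIZED = {"555-0102": "fax", "555-0104": "modem"}  # constructed inventory
GENERIC_PROMPTS = {"", "login:", "username:", "password:"}

def load(rows, authorized):
    """Collect the sweep data and the approved-device inventory in a database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sweep(number TEXT PRIMARY KEY, result TEXT,"
               " banner TEXT, busy INT, attempts INT)")
    db.execute("CREATE TABLE authorized(number TEXT PRIMARY KEY, device TEXT)")
    db.executemany("INSERT INTO sweep VALUES (?,?,?,?,?)", rows)
    db.executemany("INSERT INTO authorized VALUES (?,?)", list(authorized.items()))
    return db

def categorize(db):
    """Count dialed numbers per result category."""
    return dict(db.execute("SELECT result, COUNT(*) FROM sweep GROUP BY result"))

def findings(db):
    """Return {number: [finding, ...]} for lines that need follow-up."""
    out = {}
    query = ("SELECT s.number, s.result, s.banner, s.busy, s.attempts, a.device "
             "FROM sweep s LEFT JOIN authorized a ON a.number = s.number "
             "ORDER BY s.number")
    for number, result, banner, busy, attempts, device in db.execute(query):
        notes = []
        if result in ("CARRIER", "FAX") and device is None:
            notes.append("unauthorized device: remove or shut off")
        if banner.strip().lower() not in GENERIC_PROMPTS:
            notes.append("banner reveals identity")
        if attempts and busy == attempts:
            notes.append("always busy: check for a modem or other critical resource")
        if notes:
            out[number] = notes
    return out

if __name__ == "__main__":
    db = load(SWEEP, AUTHORIZED)
    print(categorize(db))
    for number, notes in findings(db).items():
        print(number, "; ".join(notes))
```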
War Dialing Tools
EC-Council
List of War Dialing Tools
• BASTap
• Bbeep
• BlueDial
• Carrier
• CATCALL
• Code Thief Deluxe
• CyberPhreak
• Deluxe Fone-Code Hacker
• DTMF_d
• Fear’s Phreaker Tools
• GunBelt
• HyperTerm
• LapLink
• Mhunter
• OkiPad
• PBX Scanner
List of War Dialing Tools (cont’d)
• Scavenger-Dialer
• Super Dial
• VrACK
• WildDialer
• X-DialeR
PhoneSweeper is a wardialing tool.
THC Scan
It is a type of war dialer that scans a defined range of phone numbers.
ToneLoc is a popular war dialing computer program for MS-DOS.
It dials numbers to look for some kind of tone.
Command line options for ToneLoc:
ToneLoc [DataFile] /M:[Mask] /R:[Range] /D:[ExRange] /X:[ExMask]
/C:[Config] /S:[StartTime] /E:[EndTime] /H:[Hours] /T[-] /K[-]
It is used to:
• Find PBXs.
• Find loops or milliwatt test numbers.
• Find dial-up long distance carriers.
• Find any number that gives a constant tone, or something that your modem will recognize as one.
• Find carriers (other modems).
• Hack PBXs.
ModemScan: www.wardial.net
ModemScan is a GUI wardialer software program that utilizes Microsoft Windows Telephony
Features:
• ModemScan works with the hardware you already own and does not require the additional purchase of specific or specialized hardware
• Randomly selects and dials phone numbers from the dial range’s list to prevent line termination from phone companies which detect sequential dialing
• Runs multiple ModemScan copies with more than one phone line and modem on the same computer
• Imports comma delimited text files containing phone numbers or ranges
• Flexible phone number dialing
• Utilizes Microsoft's Telephony settings for easy modem and location setup
War Dialing Countermeasures
SandTrap Tool
SandTrap can detect war dialing attempts and notify the administrator
immediately upon being called or upon being connected to via an email
message, pager, or via HTTP POST to a web server
Conditions that can be configured to generate notification messages include:
• Incoming caller ID
• Login attempt.
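A detection sketch in the same spirit, added here as an example and not taken from SandTrap or the original slides: it flags a caller ID that rings a trap line or reaches many distinct internal numbers in a short window. Because tools such as ModemScan dial in random order, it counts distinct targets instead of looking for consecutive numbers. The call-record layout, thresholds, trap line and phone numbers are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed inbound call records: (timestamp, caller ID, dialed number).
# The layout is an assumption; map your PBX call records onto it.
CALLS = [
    ("2024-05-01 02:00:05", "555-9000", "555-0100"),
    ("2024-05-01 02:00:40", "555-9000", "555-0103"),
    ("2024-05-01 02:01:10", "555-9000", "555-0101"),
    ("2024-05-01 02:01:55", "555-9000", "555-0102"),
    ("2024-05-01 02:02:30", "555-9000", "555-0199"),
    ("2024-05-01 09:15:00", "555-7000", "555-0100"),
    ("2024-05-01 09:40:00", "555-7000", "555-0100"),
]
TRAP_LINES = {"555-0199"}  # hypothetical unpublished line that should never ring

def detect_sweeps(calls, trap_lines=TRAP_LINES,
                  window=timedelta(minutes=10), min_targets=4):
    """Return (caller, reason, numbers) alerts, ordered by caller ID."""
    by_caller = defaultdict(list)
    for ts, caller, dialed in calls:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        by_caller[caller].append((when, dialed))
    alerts = []
    for caller, events in sorted(by_caller.items()):
        events.sort()
        # Any call to a trap line is suspicious on its own.
        trap_hits = sorted({d for _, d in events if d in trap_lines})
        if trap_hits:
            alerts.append((caller, "trap line called", trap_hits))
        # Sliding window: distinct numbers reached by one caller within `window`.
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            targets = {d for _, d in events[start:end + 1]}
            if len(targets) >= min_targets:
                alerts.append((caller, "sweep", sorted(targets)))
                break
    return alerts

if __name__ == "__main__":
    for alert in detect_sweeps(CALLS):
        print(alert)
```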
• War dialing involves the use of a program in conjunction with a modem to penetrate the modem-based systems of an organization by continually dialing in
• The three different types of wardialing techniques are Basic Wardialing Sweep (BWS), Multiple Wardialing Sweep (MWS), and Attended Wardialing Sweep (AWS)
• The three software categories to perform war dialing are commercial, homegrown, and hackerware
• THC Scan is a type of war dialer that scans a defined range of phone numbers