Category Archives: Ethical Hacking

nMapper (NMAP) from an Android phone on a local network.

Using a rooted Android phone and nMapper you can discover lots of useful information.

Starting Nmap 6.25 ( http://nmap.org ) at 2014-03-28 19:39 EDT
Nmap scan report for techsrus (192.168.1.1)
Host is up (0.0028s latency).
Not shown: 991 closed ports
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
139/tcp open netbios-ssn
443/tcp filtered https
445/tcp open microsoft-ds
6510/tcp filtered mcer-port
8083/tcp open us-srv
49152/tcp open unknown
49153/tcp open unknown

Nmap scan report for android-d70ad231e1da4896 (192.168.1.111)
Host is up (0.0092s latency).
Not shown: 989 closed ports
PORT STATE SERVICE
21/tcp filtered ftp
22/tcp open ssh
23/tcp filtered telnet
80/tcp filtered http
111/tcp filtered rpcbind
445/tcp filtered microsoft-ds
1723/tcp filtered pptp
3389/tcp filtered ms-wbt-server
5900/tcp open vnc
6000/tcp open X11
8080/tcp filtered http-proxy

Nmap scan report for TRU-Laptop (192.168.1.113)
Host is up (0.011s latency).
Not shown: 984 filtered ports
PORT STATE SERVICE
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
554/tcp open rtsp
843/tcp open unknown
902/tcp open iss-realsecure
912/tcp open apex-mesh
2869/tcp open icslap
5357/tcp open wsdapi
10243/tcp open unknown
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49157/tcp open unknown
49160/tcp open unknown

Nmap scan report for kali (192.168.1.116)
Host is up (0.0029s latency).
All 1000 scanned ports on kali (192.168.1.116) are closed

Nmap scan report for android-ecac3b3f6536ed5a (192.168.1.118)
Host is up (0.0058s latency).
All 1000 scanned ports on android-ecac3b3f6536ed5a (192.168.1.118) are closed

Nmap scan report for 192.168.1.126
Host is up (0.0064s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
4443/tcp open pharos
6000/tcp open X11
7676/tcp open imqbrokerd
9090/tcp open zeus-admin
61900/tcp filtered unknown

Nmap scan report for android-914b08766b6de71e (192.168.1.135)
Host is up (0.0011s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
5060/tcp open sip

Nmap scan report for ET002000BEB6DE (192.168.1.144)
Host is up (0.0051s latency).
Not shown: 985 closed ports
PORT STATE SERVICE
21/tcp open ftp
79/tcp open finger
80/tcp open http
443/tcp open https
513/tcp filtered login
514/tcp filtered shell
515/tcp open printer
631/tcp open ipp
5000/tcp open upnp
5001/tcp open commplex-link
8000/tcp open http-alt
9000/tcp open cslistener
9100/tcp open jetdirect
9200/tcp open wap-wsp
9500/tcp open ismserver

Nmap done: 256 IP addresses (8 hosts up) scanned in 26.82 seconds
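As an added example (not from the post's author or from nMapper), here is a small Python parser for the Nmap normal-output format shown above that turns a scan into a per-host inventory and flags open services a defender would want to review on a LAN that phones and guests can reach. The embedded sample is constructed from the report lines on this page, and the RISKY set is an assumption for illustration, not an Nmap classification.

```python
import re

# Constructed sample: an excerpt of the nmap normal-output format above, built from the host and port lines on this page.
SAMPLE = """\
Nmap scan report for techsrus (192.168.1.1)
PORT STATE SERVICE
53/tcp open domain
443/tcp filtered https
445/tcp open microsoft-ds

Nmap scan report for android-d70ad231e1da4896 (192.168.1.111)
PORT STATE SERVICE
22/tcp open ssh
5900/tcp open vnc
6000/tcp open X11

Nmap scan report for kali (192.168.1.116)
All 1000 scanned ports on kali (192.168.1.116) are closed

Nmap scan report for ET002000BEB6DE (192.168.1.144)
PORT STATE SERVICE
21/tcp open ftp
79/tcp open finger
9100/tcp open jetdirect
"""

HOST_RE = re.compile(r"^Nmap scan report for (?:(\S+) \()?(\d+(?:\.\d+){3})\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)$")

# Assumed review list: cleartext logins, unauthenticated remote display, SMB/NetBIOS and raw printer ports.
RISKY = {"ftp", "telnet", "finger", "vnc", "X11", "netbios-ssn",
         "microsoft-ds", "jetdirect", "rpcbind"}

def parse_nmap(text):
    """Parse normal output into {ip: {"name": str, "open": [(port, svc), ...]}}."""
    hosts, cur = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            cur = m.group(2)
            hosts[cur] = {"name": m.group(1) or cur, "open": []}  # hosts with no open ports stay listed
            continue
        m = PORT_RE.match(line)
        if m and cur and m.group(3) == "open":  # filtered/closed ports are not exposure
            hosts[cur]["open"].append((int(m.group(1)), m.group(4)))
    return hosts

def exposure_report(hosts):
    """Open (ip, port, service) triples whose service is in RISKY."""
    return [(ip, p, s) for ip, h in hosts.items() for p, s in h["open"] if s in RISKY]
```

Call `exposure_report(parse_nmap(SAMPLE))` to get the list of host/port pairs to review; a real scan saved with `nmap -oN` parses the same way.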

Get the FOCA out of here

I was playing around with FOCA and decided to try it out on a major communications company’s website. What I found was a bunch of resumes. Essentially I now have 910 resumes that include names, addresses, email, work and education history and other personal information.

Well done major communication company. Don’t worry, I won’t tell!

By the way, I just have to know…who still uses Windows NT 4 or Microsoft Office 2000?

Waiting

As I sit in a hospital waiting room, and as I visit with the patient, I can’t help but wonder if the infosec here is any good.

I am not a malicious person at all, but I have been known to show people how vulnerable they really are. Of course, I typically follow this up with a lesson on how to be more secure.

The hospital is a well-known hospital, so part of me believes they’re probably prepared for what’s running through my mind, but there are so many computers all over the place. What I could do with a flash drive and 5 minutes.

Interestingly enough, I have seen some “bad” behaviors, such as nurses leaving themselves logged in to critical systems and walking away. This is clearly a HIPAA no-no. I also noticed nurses and doctors are not very careful when typing in login information. A little shoulder surfing and I don’t even need a flash drive.

Now, before you run screaming to the authorities, I did not actually do any of these things, but when I consider the educational opportunities at this, and probably many other, hospital, it astounds me that either they have not been properly trained or they’re just lax in their attitude towards information security.

By the way, I’m currently typing this from my Android phone connected to the guest wifi at the hospital. Wonder how many doctors and nurses are doing the same…hmmm.

Until next time…