4g | Kip - Knowledge Is Power

That a Phone in Your Pocket or Are You Scanning My Network?

Monday, January 16, 2012

Article by Ken Westin

Mobile Penetration Testing: Is That A Phone In Your Pocket Or Are You Scanning My Network?

When most people think of penetration testing, they think of a simulated external attack where the tester tries to break into a network from a remotely.

Companies focus most of the security spending and policies on keeping hackers from the outside in, from firewalls and other security hardening appliances, software and tools.

However, given the proliferation of mobile devices in the workplace and use of Wi-Fi networks inside of an office, attacking from inside the network provides unique opportunities.

Smartphones have become much more powerful over the past few years, with powerful processors and a plethora of hardware at your fingertips. Combine this power into a compact unit with the right apps you can scan a network from the inside in seconds along with several other new types of attacks and information gathering.

Your browser may not support display of this image. Mobile devices have accelerated productivity as they move to replace many of the other devices we used to carry in a small package. Most phones have Wi-Fi capability, cameras, mass storage capability and a persistent internet connection via 3G and 4G and allow a wide number of applications and if rooted provide many of the same tools as a computer, but with more hardware and network capabilities. Continue reading →

1,486 total views

From: http://www.linuxnix.com/2011/03/mount-directory-locally-linux-sshfs.html

Step1:Installing Package

On Ubuntu/Debain

apt-get install sshfs

On Redhat/CentOS/Fedora

rpm -ivh fuse-sshfs-1.8-1.el5.rf.i386.rpm

Step2:Once the package is installed we have to create a mount point and mount our server data using sshfs command, for which we require user-name/password. Here are my details for this task.

My Username: root

My password: redhat

My Server: 10.233.10.212

My mount point: /mnt/ssh

Now create the mount point and mount SSH account data.

#mkdir /mnt/ssh #sshfs [email protected]:/ /mnt/ssh/ [email protected]'s password:

Step3:Testing our set-up

Check if you are able to see the SSH data

#cd /mnt/ssh

#ls

Sample output

bin   cdrom     data  etc   initrd.img      lib         media  opt   root  selinux  sys   tmp  var      vmlinuz.old
boot  cmdb-bkp  dev   home  initrd.img.old  lost+found  mnt    proc  sbin  srv      test  usr  vmlinuz

What about df -hs command output?

Sample output

Filesystem            Size  Used Avail Use% Mounted on
/dev/sda2              12G  8.4G  2.5G  78% /
/dev/sda6              80G   43G   34G  56% /var
/dev/sda5             2.0G   41M  1.8G   3% /home
/dev/sda1              99M   12M   83M  12% /boot
tmpfs                 506M     0  506M   0% /dev/shm
sshfs#[email protected]:/
 1000G     0 1000G   0% /mnt/ssh

Step4:So what about mounting it permanently?. We can do it by editing fstab file in /etc folder

#vi /etc/fstab

go to last line and type below line

sshfs#[email protected]:/ /mnt/ssh fuse defaults 0 0

Save the file and exit. Now run mount -a to update the fstab file state to kernel.

#mount -a

Let me explain what entry in fstab indicates. We are mentioning mount user root data which is located on 10.233.10.212 server on to /mnt/ssh using fuse file system with default settings.

Step5:What about unmounting this drive?

#umount /mnt/ssh

Enjoy new learning of mounting a folder using SSH protocol.

1,433 total views