Hacking Information Gathering and Device Analysis Tutorial

This tutorial provides a guide on how to use various network scanning tools to discover and analyze devices connected to a network. We’ll use tools like ifconfig, Netdiscover, and Zenmap to gather network information and potentially access a vulnerable device.

This tutorial is for beginners.

How to Defend Against This Attack

Avoid Jailbreaking Your Phone:

Jailbroken phones are exposed because jailbreaking typically installs an SSH server that listens on the network, and the default root password is often never changed.

If You Do Jailbreak:

Change the default SSH password immediately to secure your device.

Tools Required:

  • ifconfig (or ip on newer systems)
  • Netdiscover
  • Nmap (Zenmap for GUI)
  • SSH client

Step 1: Discovering Devices Connected to the Same Network

  1. Identify Your IP Address:
  • Open a terminal.
  • Enter the following command to display network configuration:
   ifconfig
  • For newer Linux versions, use:
   ip a
  • Look for your IP address listed under inet within your network interface details.
  • Note down the IP address. It will be something like 192.168.100.10.

2. Connect Network Adapter to Wi-Fi:

  • Ensure your network adapter is connected to the intended Wi-Fi network.
  • Run the command again to check the connection details and confirm your IP address:
   ifconfig

3. Determine the IP Range for Scanning:

  • Based on your IP address, determine the network range. For example, if your IP is 192.168.100.10, your network range might be 192.168.100.0/24.
  • Use your own IP address to determine this range.

4. Scan with Netdiscover:

  • Use the following command to scan the network:
   netdiscover -r 192.168.100.0/24
  • Replace 192.168.100.0/24 with your own IP range. This will list active devices, but it might not provide extensive detail about each device.
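Working out the scan range by hand from the `inet` line is error-prone, and the tutorial's "/24" is only a guess. The added example below (written for this page, not part of the original tutorial) parses the output of `ip a` or `ifconfig` (the constructed samples are embedded inline), reads the real prefix or netmask instead of assuming /24, and returns the CIDR network to feed to `netdiscover -r` or Zenmap. It also accepts the older `inet addr:... Mask:...` layout and BSD/macOS hex masks, which goes slightly beyond the two commands the tutorial shows.

```python
import ipaddress
import re

# Constructed sample output of `ip a` (not captured from a real host); the
# eth0 block uses a /23 to show that the range is not always a /24.
SAMPLE_IP_A = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 02:00:00:aa:bb:cc brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.10/24 brd 192.168.100.255 scope global dynamic wlan0
       valid_lft 86000sec preferred_lft 86000sec
    inet6 fe80::1/64 scope link
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 10.0.5.10/23 brd 10.0.5.255 scope global eth0
"""

# Constructed sample output of net-tools `ifconfig` for the same wlan0.
SAMPLE_IFCONFIG = """\
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.100.10  netmask 255.255.255.0  broadcast 192.168.100.255
        ether 02:00:00:aa:bb:cc  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
"""

# The first token of a non-indented line names the interface:
# "2: wlan0: <...>" (ip) or "wlan0: flags=..." (ifconfig).
IFACE_RE = re.compile(r"^(?:\d+:\s+)?([A-Za-z0-9@._-]+)")
# An IPv4 line in any of three layouts: "inet A/P", "inet A netmask M",
# or the old net-tools "inet addr:A ... Mask:M". "inet6" lines never match.
INET_RE = re.compile(
    r"^\s+inet\s+(?:addr:)?(\d+\.\d+\.\d+\.\d+)"
    r"(?:/(\d+)|\s+netmask\s+(\S+)|.*?Mask:(\S+))"
)


def _netmask(prefix, mask, old_mask):
    """Normalise whichever mask form matched into a form ipaddress accepts."""
    if prefix:
        return prefix
    mask = mask or old_mask
    if mask.lower().startswith("0x"):  # BSD/macOS ifconfig prints hex masks
        mask = str(ipaddress.IPv4Address(int(mask, 16)))
    return mask


def interface_networks(text):
    """Map each non-loopback interface to the CIDR network it sits on."""
    networks = {}
    current = None
    for line in text.splitlines():
        if line and not line[0].isspace():
            m = IFACE_RE.match(line)
            current = m.group(1) if m else None
            continue
        m = INET_RE.match(line)
        if not m or current is None:
            continue
        addr, prefix, mask, old_mask = m.groups()
        iface = ipaddress.ip_interface(f"{addr}/{_netmask(prefix, mask, old_mask)}")
        if iface.ip.is_loopback:
            continue
        networks[current] = str(iface.network)
    return networks


def scan_targets(text):
    """Target strings for netdiscover -r / Zenmap, one per network, e.g. ['192.168.100.0/24']."""
    return sorted(set(interface_networks(text).values()))


if __name__ == "__main__":
    for name, sample in (("ip a", SAMPLE_IP_A), ("ifconfig", SAMPLE_IFCONFIG)):
        print(name, interface_networks(sample), scan_targets(sample))
```

On a real machine, pipe the command output in (`ip a | python3 ranges.py` after replacing the samples with `sys.stdin.read()`); the point of reading the prefix rather than assuming /24 is that scanning the wrong range either misses hosts or sends traffic outside the network you are responsible for.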

Step 2: Gathering Sensitive Information about Connected Devices

  1. Set Up Zenmap:
  • Open Zenmap (the GUI for Nmap).
  • Enter the same IP range (e.g., 192.168.100.0/24) into the target field.

2. Run a Ping Scan:

  • Select the Ping Scan profile to quickly identify live hosts without sending too many packets.
  • This scan is faster and less intrusive, providing a quick overview of active devices.

3. Perform a Quick Scan:

  • After identifying active hosts, select the Quick Scan profile.
  • This scan provides more detailed information than a ping scan, including open ports and, potentially, the operating system details.

Step 3: Gathering More Sensitive Information and Accessing a Vulnerable iPhone

  1. Run Quick Scan Plus:
  • Choose the Quick Scan Plus profile for a more thorough scan.
  • This scan takes longer but digs deeper into each device’s configuration and open ports.

2. Analyze the Results:

  • Review the scan results for any unusual open ports or services.
  • Particularly look for devices with SSH (port 22) open.

3. Accessing a Jailbroken iPhone:

  • If you find an iPhone with port 22 open, it’s likely jailbroken.
  • Try to access it using SSH:
   ssh root@192.168.100.XX
  • Replace 192.168.100.XX with the actual IP number of the iPhone.
  • The default password for many jailbroken iOS devices is alpine.
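The "Analyze the Results" step above, and the defence advice at the top of the page, both come down to one question for the owner of a network: which of my devices are exposing SSH, and are they the ones I expect? Zenmap saves its results as Nmap XML (the same format `nmap -oX` writes), and the added example below (written for this page, not part of the original tutorial or of Nmap) parses a constructed scan file, lists every live host with 22/tcp open along with the MAC and vendor Nmap recorded, and flags the ones missing from an inventory of hosts that are supposed to run SSH. The inventory set and the sample XML are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed Nmap XML in the layout Zenmap saves (not a real scan).
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -T4 -F 192.168.100.0/24">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.100.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
      <port protocol="tcp" portid="22"><state state="closed" reason="reset"/><service name="ssh"/></port>
    </ports>
  </host>
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.100.23" addrtype="ipv4"/>
    <address addr="02:00:00:11:22:33" addrtype="mac" vendor="Apple"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
      <port protocol="tcp" portid="62078"><state state="open" reason="syn-ack"/><service name="iphone-sync"/></port>
    </ports>
  </host>
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.100.40" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.100.50" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def hosts_with_open_port(xml_text, port=22, protocol="tcp"):
    """One record per live host with `port` open, with MAC/vendor if Nmap saw them."""
    root = ET.fromstring(xml_text)
    found = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # down hosts carry no port data worth reporting
        ip = mac = vendor = None
        for addr in host.findall("address"):
            if addr.get("addrtype") == "ipv4":
                ip = addr.get("addr")
            elif addr.get("addrtype") == "mac":  # only present on the local segment
                mac, vendor = addr.get("addr"), addr.get("vendor")
        for p in host.iter("port"):
            if p.get("protocol") != protocol or p.get("portid") != str(port):
                continue
            state = p.find("state")
            if state is not None and state.get("state") == "open":
                found.append({"ip": ip, "mac": mac, "vendor": vendor})
    return found


def unexpected_ssh_hosts(xml_text, expected_ips):
    """SSH-exposing hosts that are not in the inventory of hosts meant to run it."""
    return [h for h in hosts_with_open_port(xml_text, 22) if h["ip"] not in expected_ips]


def exposure_report(xml_text, expected_ips=frozenset()):
    """One follow-up line per unexpected SSH host, for the device owner to act on."""
    lines = []
    for h in unexpected_ssh_hosts(xml_text, expected_ips):
        who = f"{h['vendor'] or 'unknown vendor'} ({h['mac'] or 'no MAC seen'})"
        lines.append(f"{h['ip']}: SSH (22/tcp) open, {who}; verify the default password was changed")
    return lines


if __name__ == "__main__":
    # Assumed inventory: only the host at .40 is supposed to run an SSH server.
    for line in exposure_report(SAMPLE_NMAP_XML, {"192.168.100.40"}):
        print(line)
```

Run it against a real saved scan by replacing `SAMPLE_NMAP_XML` with the contents of the XML file Zenmap exports; an Apple device appearing in the report is exactly the jailbroken-phone case the defence section describes, and the fix is the one given there: change the default SSH password on that device.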

Important Note:

Accessing devices without permission is illegal and unethical. This tutorial is intended for educational purposes only—to demonstrate the potential vulnerabilities in network devices, particularly those that are not properly secured or updated. Always ensure you have explicit permission to scan and access network devices.
