02 Preparing and Defending Against Scanning
Section 03 | Module 02
© Caendra Inc. 2019
All Rights Reserved
Table of Contents
Scanning: Definition
Scanning Techniques & Defense
• War Dialing
• War Driving
• Nmap/Masscan/Nessus Scans
• WebRTC-based Scans
IHRPv1 - Caendra Inc. © 2019 | p.8
2.2.1 War Dialing
Attackers will also attempt to crack an AP’s security by using tools such
as aircrack, wepcrack and asleap.
The first two leverage flaws of the WEP algorithm to crack keys. All the
attacker has to do is sniff traffic for about half an hour and then the
WEP key can be cracked. A cracked WEP key means that the attacker
can view all data crossing the LAN.
The third tool essentially attacks a user’s Windows password hash after
sniffing LEAP challenge and response messages. It should be noted
that the attack is dictionary-based. After a successful attack the
attacker will be able to join a LEAP-protected wireless LAN.
https://www.aircrack-ng.org/
https://sourceforge.net/projects/wepcrack/
http://www.willhackforsushi.com/?page_id=41
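A defender-side check for the two weaknesses described above, as an added example that is not part of the original slides: it audits a wpa_supplicant.conf for client profiles that still rely on static WEP keys or on LEAP. The sample configuration and its SSIDs are constructed for illustration.

```python
import re

# Constructed sample wpa_supplicant.conf (not from the original slides).
SAMPLE_CONF = '''
network={
    ssid="lab-legacy"
    key_mgmt=NONE
    wep_key0="abcde"
}
network={
    ssid="corp-leap"
    key_mgmt=IEEE8021X
    eap=LEAP
}
network={
    ssid="corp-wpa2"
    key_mgmt=WPA-EAP
    eap=PEAP
}
network={
    ssid="guest-open"
    key_mgmt=NONE
}
'''

def parse_networks(conf):
    """Return one dict of key -> value per network={...} block."""
    networks = []
    for body in re.findall(r'network\s*=\s*\{(.*?)\n\s*\}', conf, re.S):
        fields = {}
        for line in body.splitlines():
            key, sep, value = line.strip().partition('=')
            if sep and not key.startswith('#'):
                fields[key.strip()] = value.strip().strip('"')
        networks.append(fields)
    return networks

def audit(conf):
    """Return (ssid, finding) for profiles relying on WEP or LEAP."""
    findings = []
    for net in parse_networks(conf):
        ssid = net.get('ssid', '<no ssid>')
        # key_mgmt=NONE alone is an open network; a wep_keyN entry marks static WEP.
        if any(k.startswith('wep_key') for k in net):
            findings.append((ssid, 'WEP'))
        if 'LEAP' in net.get('eap', '').upper().split():
            findings.append((ssid, 'LEAP'))
    return findings

if __name__ == '__main__':
    print(audit(SAMPLE_CONF))
```

Profiles it reports are candidates for migration to a WPA2/WPA3 configuration with a non-LEAP EAP method.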
2.2.2 War Driving
They have combined WebRTC with XHR requests (or other cross-origin
interactions) to scan a user’s LAN from inside a malicious
page. Find below two implementations of such an attack.
• https://blog.beefproject.com/2016/06/mapping-your-lan-from-web-browser.html
• https://portswigger.net/blog/exposing-intranets-with-reliable-browser-based-port-scanning
PhoneSweep
https://www.niksun.com/product.php?id=17
InSSIDer
https://www.metageek.com/products/inssider/
aircrack
https://www.aircrack-ng.org/
wepcrack
https://sourceforge.net/projects/wepcrack/
asleap
http://www.willhackforsushi.com/?page_id=41
easy-creds
https://github.com/brav0hax/easy-creds
https://nmap.org/book/scan-methods.html
TCP Wrapper
http://www.admin-magazine.com/Articles/Secure-Your-Server-with-TCP-Wrappers
WebRTC
https://webrtc.org/
XHR
https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest