
Thursday, March 8, 2018

Pentest via cellular network (V): Nmap port scanner with SMS message



- Layout for this exercise (Smartphone and Raspberry Pi / SIM card / Modem):




- This exercise is based on the four previous exercises:

http://www.whitelist1.com/2018/03/pentest-via-cellular-network-i-global.html
http://www.whitelist1.com/2018/03/pentest-via-cellular-network-ii.html
http://www.whitelist1.com/2018/03/pentest-via-cellular-network-iii-sms.html
http://www.whitelist1.com/2018/03/pentest-via-cellular-network-iv-port.html


1 - Writing the Python script

- The Python script for this exercise relies on libraries and scripts from the previous exercises:






- Some libraries are imported:




- A function is defined to process the SMS message requests:





- Externally stored data is invoked:




- The script waits until an SMS message arrives, then processes it, and finally sends back an answer:
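
- Added example (not the original script): one way the request-processing function can treat the SMS body as untrusted input, checking the sender, the target scope and the port before building the Nmap command as an argument list. The `<host> <port>` message format, the sender number and the scope networks are assumptions made for this example.

```python
import ipaddress
import re

# Assumptions for this example (none of these values come from the original script):
ALLOWED_SENDERS = {"+10000000000"}                  # constructed operator number
SCOPE = [ipaddress.ip_network("192.168.1.0/24"),    # lab network used in the exercise
         ipaddress.ip_network("127.0.0.0/8")]       # localhost
REQUEST_RE = re.compile(r"(\S+)\s+(\d{1,5})")       # assumed SMS body: "<host> <port>"


class RejectedRequest(ValueError):
    """Raised when an SMS request fails validation."""


def parse_request(sender, body):
    """Validate an SMS scan request and return (ip, port)."""
    if sender not in ALLOWED_SENDERS:
        raise RejectedRequest("sender not authorised")
    match = REQUEST_RE.fullmatch(body.strip())
    if not match:
        raise RejectedRequest("expected '<host> <port>'")
    host, port = match.group(1), int(match.group(2))
    if host == "localhost":
        host = "127.0.0.1"
    try:
        # Rejects hostnames, Nmap options and shell metacharacters in one step.
        ip = ipaddress.ip_address(host)
    except ValueError:
        raise RejectedRequest("host must be an IP address") from None
    if not any(ip in net for net in SCOPE):
        raise RejectedRequest("target outside agreed scope")
    if not 1 <= port <= 65535:
        raise RejectedRequest("port out of range")
    return str(ip), port


def build_nmap_argv(ip, port):
    """Argument list for subprocess.run(); no shell is involved."""
    return ["nmap", "-p", str(port), ip]


def handle_sms(sender, body):
    """Return the argv to run, or a short refusal text to send back."""
    try:
        return build_nmap_argv(*parse_request(sender, body))
    except RejectedRequest as err:
        return "rejected: " + str(err)
```

- The returned list is meant to be passed to `subprocess.run()` without `shell=True`, so nothing in the SMS text is ever interpreted by a shell.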





2 - Testing the script

- First, an SMS message is sent from the smartphone asking about port 22 of the localhost:





- The Python script running on the Raspberry Pi detects the request from the smartphone and sends back an answer:












- Before launching another test to the host 192.168.1.6, let's perform an Nmap scan in the usual way:




- Now, an SMS message is sent from the smartphone inquiring about port 135 of the host 192.168.1.6:





- The Raspberry Pi sends an answer back to the smartphone via an SMS message, and the result matches the usual Nmap port scan: port 135 is open.