
Thursday, March 8, 2018

Pentest via cellular network (V): Nmap port scanner with SMS message


PENTEST VIA CELLULAR NETWORK (V): NMAP PORT SCANNER WITH SMS MESSAGE

- Layout for this exercise (Smartphone and Raspberry Pi / SIM card / Modem):




- This exercise is based on the four previous exercises:

http://www.whitelist1.com/2018/03/pentest-via-cellular-network-i-global.html
http://www.whitelist1.com/2018/03/pentest-via-cellular-network-ii.html
http://www.whitelist1.com/2018/03/pentest-via-cellular-network-iii-sms.html
http://www.whitelist1.com/2018/03/pentest-via-cellular-network-iv-port.html


1 - Writing the Python script

- The Python script used in this exercise uses libraries and scripts from previous exercises:






- Some libraries are imported:




- A function is defined to process the SMS message requests:





- External stored data is invoked:




- The script waits until an SMS message arrives, then processes it, and finally sends back an answer:
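The following is an added example of the request/scan/reply loop described above, not the script from the original post (that code was only shown as an image). It assumes the request SMS has the form "<host> <port>", that the python-nmap call is nmap.PortScanner().scan() with results indexed as nm[host]['tcp'][port]['state'], and that the Hologram SDK exposes HologramCloud.enableSMS(), popReceivedSMS() and sendSMS() as its README documents; the sender allowlist, the allowed target networks and the device key are constructed placeholders. The same send/receive calls are the ones used in exercise (III). Only a trusted sender number is served and only hosts inside the allowed networks are scanned, so a stranger who learns the SIM's number cannot use the Pi as a scanner.

```python
"""SMS-driven port check: parse a request SMS, scan with python-nmap, reply by SMS.

Added example, not the post's own script. Assumed APIs: python-nmap PortScanner.scan()
and Hologram SDK enableSMS()/popReceivedSMS()/sendSMS(); neither is exercised here
without the modem, so the request handling is kept in pure functions.
"""
import ipaddress
import time
from typing import Callable, Optional

# Constructed configuration (placeholders, not the post's values).
ALLOWED_SENDERS = {"+10000000000"}            # only this phone may trigger scans
ALLOWED_NETWORKS = [ipaddress.ip_network("127.0.0.0/8"),
                    ipaddress.ip_network("192.168.1.0/24")]
SMS_MAX_LEN = 160                             # single-segment SMS limit


def parse_request(text: str):
    """Return (host, port) from '<host> <port>' or raise ValueError."""
    parts = text.strip().split()
    if len(parts) != 2:
        raise ValueError("expected '<host> <port>'")
    host = str(ipaddress.ip_address(parts[0]))   # literal IPs only, no hostnames
    port = int(parts[1])
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    if not any(ipaddress.ip_address(host) in net for net in ALLOWED_NETWORKS):
        raise ValueError("host not in allowed networks")
    return host, port


def nmap_port_state(host: str, port: int) -> str:
    """Scan one TCP port with python-nmap (assumed API: PortScanner.scan)."""
    import nmap  # python-nmap; imported lazily so the rest runs without it
    nm = nmap.PortScanner()
    nm.scan(hosts=host, ports=str(port), arguments="-sT")  # connect scan, no root needed
    if host not in nm.all_hosts() or nm[host].state() != "up":
        return "host down"
    return nm[host]["tcp"][port]["state"]


def handle_sms(sender: str, text: str, scanner: Callable[[str, int], str]) -> Optional[str]:
    """Build the reply for one SMS, or None if the sender is not trusted."""
    if sender not in ALLOWED_SENDERS:
        return None                               # silently drop untrusted requests
    try:
        host, port = parse_request(text)
    except ValueError as exc:
        return f"rejected: {exc}"[:SMS_MAX_LEN]
    state = scanner(host, port)
    return f"{host} tcp/{port}: {state}"[:SMS_MAX_LEN]


def serve(receive, send, scanner=nmap_port_state, poll_seconds=2.0, max_requests=None):
    """Poll receive() for (sender, text) pairs; answer each with send(number, reply).

    Returns the number of messages handled (used to stop after max_requests)."""
    handled = 0
    while max_requests is None or handled < max_requests:
        sms = receive()
        if sms is None:                           # nothing queued yet
            time.sleep(poll_seconds)
            continue
        sender, text = sms
        reply = handle_sms(sender, text, scanner)
        if reply is not None:
            send(sender, reply)
        handled += 1
    return handled


if __name__ == "__main__":
    # Hologram SDK wiring (assumed API from the SDK README; needs the Nova modem).
    from Hologram.HologramCloud import HologramCloud
    hologram = HologramCloud({"devicekey": "DEVICE_KEY_PLACEHOLDER"}, network="cellular")
    hologram.enableSMS()

    def receive():
        sms = hologram.popReceivedSMS()
        return None if sms is None else (sms.sender, sms.message)

    try:
        serve(receive, hologram.sendSMS)
    finally:
        hologram.disableSMS()
```

The scanner is passed in as a callable so the message handling can be tested with a fake scanner on a machine without nmap or the modem; on the Raspberry Pi the default nmap_port_state is used.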





2 - Testing the script

- First, an SMS message is sent from the smartphone asking about port 22 of the localhost:





- Running the Python script on the Raspberry Pi, it detects the request from the smartphone and finally sends back an answer:












- Before launching another test to the host 192.168.1.6, let's perform an Nmap scan in the usual way:




- Now, an SMS message is sent from the smartphone inquiring about port 135 of the host 192.168.1.6:





- The Raspberry Pi gives an answer back to the smartphone via an SMS message, and the result is equal to the usual Nmap port scanning: port 135 is open.











Pentest via cellular network (IV): port scanning with Python-nmap


PENTEST VIA CELLULAR NETWORK (IV): PORT SCANNING PYTHON-NMAP

- Layout for this exercise (Smartphone and Raspberry Pi / SIM card / Modem):





1 - Installing python-nmap on the Raspberry Pi

- python-nmap is a Python library which helps in using the Nmap port scanner.

- It allows easy manipulation of nmap scan results and is a good tool for systems administrators who want to automate scanning tasks and reports.

- It also supports nmap script outputs.

- For further information:

https://xael.org/norman/python/python-nmap/

- python-nmap works on top of Nmap, so let's make sure that Nmap is previously installed:




- Downloading python-nmap:






- Uncompressing:






- Setting up and installing:






2 - Testing python-nmap with Python interactive mode

- Now, let's check its functionality by scanning port 22 of the localhost Raspberry Pi, invoking python-nmap from Python:




- The SSH port 22 is in "open" status:





3 - Writing a Python script using python-nmap

- This Python script uses python-nmap for scanning, and it is based on the documentation provided by the python-nmap official website: 

https://xael.org/norman/python/python-nmap/






- Notice that the final section of the script just tells it to scan port 22 of the localhost:
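Since python-nmap "works on top of Nmap", it is worth seeing what the library does underneath: it runs nmap with XML output and parses that into nested dicts indexed as result[host]['tcp'][port]['state']. The block below is an added example, not python-nmap's own code, that reproduces this in plain Python with the standard library. run_nmap() needs the nmap binary and uses -sT (a TCP connect scan, which does not require root on the Pi); the XML sample is constructed to mirror the two scenarios in these posts (localhost port 22, host 192.168.1.6 port 135) and is trimmed to the elements the parser reads.

```python
"""Run Nmap with XML output and parse it into the python-nmap-like dict shape
result[host]['tcp'][port]['state'].

Added example, not python-nmap's own code; run_nmap() requires the nmap binary,
parse_nmap_xml() runs offline on the constructed SAMPLE_XML.
"""
import subprocess
import xml.etree.ElementTree as ET


def parse_nmap_xml(xml_text: str) -> dict:
    """Map each host to {'status': ..., 'tcp': {port: {'state': ..., 'name': ...}}}."""
    root = ET.fromstring(xml_text)
    result = {}
    for host in root.findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:                       # fall back to whatever address is first
            addr_el = host.find("address")
        entry = {"status": host.find("status").get("state"), "tcp": {}}
        ports = host.find("ports")
        if ports is not None:                     # host may be up with no ports listed
            for port in ports.findall("port"):
                if port.get("protocol") != "tcp":
                    continue
                svc = port.find("service")
                entry["tcp"][int(port.get("portid"))] = {
                    "state": port.find("state").get("state"),
                    "name": svc.get("name", "") if svc is not None else "",
                }
        result[addr_el.get("addr")] = entry
    return result


def run_nmap(host: str, ports: str, extra_args=("-sT",)) -> dict:
    """Invoke nmap with XML on stdout, exactly as python-nmap does with '-oX -'."""
    cmd = ["nmap", "-oX", "-", "-p", ports, *extra_args, host]
    proc = subprocess.run(cmd, capture_output=True, text=True, check=True)
    return parse_nmap_xml(proc.stdout)


def port_state(scan: dict, host: str, port: int) -> str:
    """The lookup the post's script performs, tolerating hosts/ports that were not scanned."""
    try:
        return scan[host]["tcp"][port]["state"]
    except KeyError:
        return "unknown"


# Constructed sample nmap XML (not real output from the posts' hosts).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -oX - -p 22,135 -sT 127.0.0.1 192.168.1.6">
  <host><status state="up" reason="conn-refused"/>
    <address addr="127.0.0.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" method="table"/></port>
      <port protocol="tcp" portid="135"><state state="closed" reason="conn-refused"/>
        <service name="msrpc" method="table"/></port>
    </ports>
  </host>
  <host><status state="up" reason="arp-response"/>
    <address addr="192.168.1.6" addrtype="ipv4"/>
    <address addr="AA:BB:CC:DD:EE:FF" addrtype="mac"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="filtered" reason="no-response"/>
        <service name="ssh" method="table"/></port>
      <port protocol="tcp" portid="135"><state state="open" reason="syn-ack"/>
        <service name="msrpc" method="table"/></port>
    </ports>
  </host>
</nmaprun>
"""

if __name__ == "__main__":
    scan = parse_nmap_xml(SAMPLE_XML)          # swap for run_nmap("127.0.0.1", "22") on the Pi
    for h in scan:
        for p, info in sorted(scan[h]["tcp"].items()):
            print(f"{h} tcp/{p} {info['state']} ({info['name']})")
```

On the Raspberry Pi, replacing the sample with run_nmap("127.0.0.1", "22") and reading port_state(scan, "127.0.0.1", 22) gives the same "open" answer the post obtains through python-nmap.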




- Running the script, the result is successful:











Pentest via cellular network (III): SMS messages with Hologram Python SDK


PENTEST VIA CELLULAR NETWORK (III): SMS MESSAGES WITH HOLOGRAM PYTHON SDK

- Layout for this exercise (Smartphone and Raspberry Pi / SIM card / Modem):





- The goal of this exercise is to send/receive SMS messages between a Hologram modem (installed on a Raspberry Pi device) and a smartphone via the cellular network, using the Hologram Python SDK library.


- First of all, let's create an external data script where the device key and the phone number are stored:







- Now, importing libraries from the Hologram Python SDK, this Python script sends an SMS message and prints the successful result:







- Running SendTEST.py:




- In a similar way, this Python script puts the modem into receiving mode and prints the message once it has been received:






- Running ReceiveTEST.py (in the image I have removed the sender phone number for privacy reasons):











- The smartphone screen displays the SMS messages exchanged with the modem:










Pentest via cellular network (II): Hologram Nova Global 2G/3G Modem


PENTEST VIA CELLULAR NETWORK (II): HOLOGRAM NOVA GLOBAL 2G/3G MODEM

- Layout for this exercise (Smartphone and Raspberry Pi / SIM card / Modem):




1 - Hologram Nova Global 2G/3G Modem

- The modem Hologram Nova is a global 3G/2G cellular modem purpose-built for IoT and single board computers like the Raspberry Pi. 

- Paired with Hologram's CLI/Python SDK and global cellular network, the Nova is a simple plug-and-play modem for instant connectivity and secure data messaging.

- At the moment of writing this text, it can be bought online at a price of $49.

https://hologram.io/store/nova-global-cellular-modem/36








- Before the Nova modem can be operational the SIM must be activated (as done in the previous exercise) so that it can gain access to the cellular network.

- The SIM card is inserted into the slot on the bottom of the Nova board, being careful that the Nova is not plugged in at that moment:






- The Nova modem kit includes two quad-band flexible UFL antennas, operating over the 850/900/1900/2100 MHz bands.

- The larger black antenna is expected to provide better reception, though the yellow antenna has the benefit of fitting better due to its smaller size.

- The antennas are attached by pressing firmly down on the gold UFL connector:




- Once the modem is operating correctly there are two LEDs (blue and red) providing feedback about what is going on inside the modem:

  • The blue LED indicates whether the modem is on/off.
  • The red LED indicates the network status: off (no network detected), double blink (2G), rapid blink (3G), solid (connected).




2 - Hologram Python SDK

- The Python SDK and Hologram CLI are available on Github as open source.

- The Hologram Python SDK allows the Hologram SIM card and the Nova USB modem to connect and communicate with other IoT platforms for cellular connectivity:

https://github.com/hologram-io















- Installing the Hologram Python SDK to the Raspberry Pi device:







- In the next exercises this Python SDK platform will be used extensively:







3 - Checking the functionality of the modem


- First of all, let's check that the Raspberry Pi detects the modem connected to one of its USB ports:





- Accessing available ports:




- The hologram command has several options:





- Detecting the type of modem:




- Printing the available cellular network:




- Printing the SIM card number used with the modem:




- Printing the signal strength:




- Printing the location:





4 - Sending and receiving SMS messages between a cellular phone and a modem


- Connecting the modem to the cellular network:




- A new interface ppp0 (point-to-point-protocol) is created:




- Checking the Internet connectivity shows the very long reply delays of the pings, which is understandable for this kind of connection:




- Now, to send/receive SMS messages the device key is required (available in the user Dashboard):




- Sending a message from the modem to the phone:




- The message is successfully received at the phone:




- Preparing the modem to receive SMSs:





- The phone answers:


















- The phone receives the message:




- Finally the modem can be disconnected: