HACKING WITH PAPER
By Sumedt Jitpukdebodin
Web Application Security Specialist, ACIS i-Secure
LPIC-1, NCLA, C|EHv6, Sec+, eCPPT
WHO AM I?
▪ Learning Guy
▪ Activities Guy
▪ Writer
▫ Thai and English articles on penetration testing.
▪ My book “Basic Hacking And Security” (Thai)
▪ Gray hat sometimes.
▪ CITEC
▫ Writer on Linux security in Hackazine.
▫ Lecturer for the Ethical Hacking and Master of Exploitation courses.
▫ Member of the CITEC Live team.
▫ Security and Linux consultant in the community.
MY JOB
i-Secure
▪ Web Application Security Specialist
▫ Security Research
▫ Web Attacking Analysis
▫ Web Application Firewall Engineer
▫ Etc.
WHAT IS PAPER HACKING?
▪ Not new.
▪ Not hard.
▪ New target.
▪ New way?
QR-CODE
▪ 2-dimensional barcode
▪ Japan
▪ QR = Quick Response
▪ Message, contact, picture: anything that can be expressed as “characters”, even a “URL”
▪ Maximum data 7089 numeric characters or 4296 alphanumeric characters = 2KB
▪ Easy to read with Android and iOS mobiles and tablets.
QR-CODE(2)
▪ QR-Code in Korea
▪ Every train station
▪ Scan to buy
▪ Pay by mobile
QR-CODE(3)
▪ QR-Code in Thailand
▪ Magazine can talk!!!
▪ http://www.youtube.com/v=X62xhsDqdBQ
TREND OF MOBILE
▪ Speed
▪ Popular
▪ Price
▪ Protection
▪ Awareness
WHAT IS PAPER HACKING?
▪ QR-Code
▪ Mobile
▪ Social Engineering
STEP OF ATTACK
1. Create the evil site(s).
2. Map the site into the real world.
3. Create the QR-Code.
4. Lure the people.
5. Happy Time ☺
1) CREATE EVIL SITE.
▪ Android
▫ Android Content Provider File Disclosure With Metasploit
▫ Android 2.0, 2.1, 2.1.1 WebKit Use-After-Free Exploit By MJ Keith
▪ iPhone
▫ iPhone MobileSafari LibTIFF Buffer Overflow
▪ Phishing
▫ Gmail
▫ Apple Store
1) CREATE EVIL SITE(2)
▪ Create a script that detects the device from $_SERVER['HTTP_USER_AGENT']
▫ Redirect it to the matching page.
1) CREATE EVIL SITE(3)
1) CREATE EVIL SITE(4)
[Diagram; labels: iPhone, Android, Others; Evilsite:8081, Evilsite:8080, Evilsite/phishing2]
2) MAPPING TO THE PUBLIC
▪ Forward connections.
▪ DynDNS
▪ NoIP
2) MAPPING TO THE PUBLIC
3) CREATE QR-CODE
▪ Web
▫ http://qrcode.kaywa.com/
▫ http://goqr.me/
▪ Android
▫ QR Droid
▫ QR Code Generator
▪ iPhone
▫ Optiscan
▫ Qrafter
3) CREATE QR-CODE(2)
4) LURE THE PEOPLE
▪ Social Engineering
▫ Event
▫ Interesting word.
▫ Negative word.
▫ Social network.
5) HAPPY TIME ☺
[Diagram: Detect Device; labels: Android, iPhone, Others; Evilsite:8080, Evilsite:8081, Phishing, Phishing2]
5) HAPPY TIME ☺(1)
5) HAPPY TIME ☺(2)
5) HAPPY TIME ☺(3)
5) HAPPY TIME ☺(4)
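DEFENDER'S VIEW (ADDED EXAMPLE)
The setup in steps 1 to 3 leaves marks in the URL a QR code decodes to: plain HTTP, listener ports such as 8080 and 8081, and a dynamic-DNS or bare-IP host. The check below is an added example, not part of the original slides; the function name, the dynamic-DNS suffix sample and the sample URLs are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a short, non-exhaustive sample of dynamic-DNS parent domains.
DYNAMIC_DNS_SUFFIXES = ("dyndns.org", "no-ip.org", "ddns.net", "hopto.org", "zapto.org")
DEFAULT_PORTS = {"http": 80, "https": 443}


def triage_qr_url(decoded):
    """Return a list of reasons to distrust a URL decoded from a QR code."""
    try:
        parts = urlsplit(decoded.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return ["malformed URL"]
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    if scheme not in DEFAULT_PORTS or not host:
        return ["not an http(s) URL with a host"]
    findings = []
    if scheme == "http":
        findings.append("plain HTTP")
    if port is not None and port != DEFAULT_PORTS[scheme]:
        findings.append("non-standard port %d" % port)
    try:
        ipaddress.ip_address(host)
        findings.append("IP-literal host")
    except ValueError:
        # Not an IP address, so compare the name against the suffix sample.
        if any(host == s or host.endswith("." + s) for s in DYNAMIC_DNS_SUFFIXES):
            findings.append("dynamic-DNS hostname")
    return findings


# Constructed sample payloads, as a QR decoder would return them.
SAMPLES = [
    "https://www.example.com/menu",
    "http://promo.example.ddns.net:8080/",
    "http://203.0.113.7:8081/win",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", triage_qr_url(url) or "no findings")
```

A scanner app or mail/web gateway can show these findings before the browser opens; an empty list only means none of these particular marks were present.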
Q&A