Hacking with paper

How to hack people with paper (QRCode)?

Published in: Technology

  1. HACKING WITH PAPER By Sumedt Jitpukdebodin, Web Application Security Specialist, ACIS i-Secure. LPIC-1, NCLA, C|EHv6, Sec+, eCPPT
  2. WHO AM I? ▪ Learning Guy ▪ Activities Guy ▪ Writer ▫ Thai and English articles on penetration testing. ▪ My book “Basic Hacking And Security” (Thai) ▪ Gray hat sometimes. ▪ CITEC ▫ Writer of Linux Security in Hackazine. ▫ Lecturer of Ethical Hacking and Master of Exploitation courses. ▫ One of CITEC LiveTeam. ▫ Security and Linux consultant in the community.
  3. MY JOB i-Secure ▪ Web Application Security Specialist ▫ Security Research ▫ Web Attacking Analysis ▫ Web Application Firewall Engineer ▫ Etc.
  4. WHAT IS PAPER HACKING? ▪ Not new. ▪ Not hard. ▪ New target. ▪ New way?
  5. QR-CODE ▪ 2-dimensional barcode ▪ Japan ▪ QR = Quick Response ▪ Message, contact, picture: anything that can be “characters”, even a “URL” ▪ Maximum data 7089 numeric characters or 4296 alphanumeric characters = 2KB ▪ Easy to read with Android and iOS mobiles and tablets.
  6. QR-CODE(2) ▪ QR-Code in Korea ▪ Every train station ▪ Scan to buy ▪ Pay by mobile
  7. QR-CODE(3) ▪ QR-Code in Thailand ▪ Magazine can talk!!! ▪ http://www.youtube.com/v=X62xhsDqdBQ
  8. TREND OF MOBILE ▪ Speed ▪ Popular ▪ Price ▪ Protection ▪ Awareness
  9. WHAT IS PAPER HACKING? ▪ QR-Code ▪ Mobile ▪ Social Engineering
  10. STEPS OF ATTACK 1. Create the evil site(s). 2. Map the site into the real world. 3. Create the QR-Code. 4. Lure the people. 5. Happy Time ☺
  11. 1) CREATE EVIL SITE. ▪ Android ▫ Android Content Provider File Disclosure With Metasploit ▫ Android 2.0, 2.1, 2.1.1 WebKit Use-After-Free Exploit By MJ Keith ▪ iPhone ▫ iPhone MobileSafari LibTIFF Buffer Overflow ▪ Phishing ▫ Gmail ▫ Apple Store
  12. 1) CREATE EVIL SITE(2) ▪ Create a script to detect the device with $_SERVER['HTTP_USER_AGENT'] ▫ Redirect it to the matching page.
  13. 1) CREATE EVIL SITE(3)
  14. 1) CREATE EVIL SITE(4) iPhone Android Others Evilsite:8081 Evilsite:8080 Evilsite/phishing2
  15. 2) MAPPING TO THE PUBLIC ▪ Forward Connections. ▪ DynDNS ▪ NoIP
  16. 2) MAPPING TO THE PUBLIC
  17. 3) CREATE QR-CODE ▪ Web ▫ http://qrcode.kaywa.com/ ▫ http://goqr.me/ ▪ Android ▫ QR Droid ▫ QR Code Generator ▪ iPhone ▫ Optiscan ▫ Qrafter
  18. 3) CREATE QR-CODE(2)
  19. 4) LURE THE PEOPLE ▪ Social Engineering ▫ Event ▫ Interesting Word. ▫ Negative Word. ▫ Social Network.
  20. 5) HAPPY TIME ☺ Detect Device Android iPhone Others Phishing2 Evilsite:8080 Evilsite:8081 Phishing
  21. 5) HAPPY TIME ☺(1)
  22. 5) HAPPY TIME ☺(2)
  23. 5) HAPPY TIME ☺(3)
  24. 5) HAPPY TIME ☺(4)
  25. Q&A
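
The attack chain in these slides depends on a phone opening whatever URL a QR code decodes to. As an added example (not from the slides), here is a defender-side check that a scanner app or mobile gateway could run on the decoded payload before opening it, flagging the traits the deck relies on: dynamic-DNS hostnames, non-default ports such as 8080/8081, and plain HTTP. The function name, reason labels, suffix list and sample payloads are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a short constructed suffix list for the two services the slides
# name; a real deployment would load a maintained dynamic-DNS list.
DYNAMIC_DNS_SUFFIXES = ("dyndns.org", "no-ip.org")
DEFAULT_PORTS = {"http": 80, "https": 443}


def triage_qr_payload(payload):
    """Return a sorted list of reasons not to auto-open a decoded QR payload."""
    try:
        parts = urlsplit(payload.strip())
    except ValueError:              # e.g. unbalanced IPv6 brackets
        return ["malformed-url"]
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:  # Wi-Fi, vCard, plain text, app schemes...
        return ["not-a-web-url"]
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return ["no-host"]
    try:
        port = parts.port            # raises ValueError if out of range
    except ValueError:
        return ["malformed-port"]
    reasons = set()
    if scheme == "http":
        reasons.add("no-tls")
    if port is not None and port != DEFAULT_PORTS[scheme]:
        reasons.add("non-default-port")
    if parts.username is not None:   # "https://bank.example@other-host/"
        reasons.add("userinfo-in-url")
    try:
        ipaddress.ip_address(host)
        reasons.add("ip-literal-host")
    except ValueError:               # not an IP literal, so check the name
        if any(host == s or host.endswith("." + s) for s in DYNAMIC_DNS_SUFFIXES):
            reasons.add("dynamic-dns-host")
    return sorted(reasons)


if __name__ == "__main__":
    # Constructed sample payloads, as a scanner would hand them over.
    for sample in ("http://promo.dyndns.org:8080/win",
                   "http://192.0.2.10:8081/",
                   "https://www.example.com/menu",
                   "WIFI:S:cafe;;"):
        print(sample, "->", triage_qr_payload(sample) or "no findings")
```

An empty result means none of these heuristics fired, not that the destination is safe; showing the full decoded URL to the user before navigation remains the baseline control.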
