RootAdmin.co.uk

So your phones got wifi and blue tooth,  need to know the blutooth device address or your wlan mac address?

*#2820# (*#BTA0#) – This will display the Bluetooth device address for your Nokia

*#62209526# (*#MAC0WLAN) – This will show you the MAC address of the WLAN adapter on your nokia

I said i would try to hack my phone – the Nokia E71 in other ways, so i tried using Nessus.

for those who dont know what nessus is, “The Nessus® vulnerability scanner, is the world-leader in active scanners, featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks.”

The only thing i managed to find out – was this (and im not surprised it didnt turn up much becuase of the results of my NMAP Scan i did earlier this week “network scan results nokia e71″ and the fact that Nessus doesnt have much if anything for symbian devices)

Host Fully Qualified Domain Name (FQDN) Resolution

192.168.1.69 resolves as Unknown-00-24-7d-80-ed-69.home. Nessus ID : 12053

Nessus Scan Information

Information about this scan : Nessus version : 4.0.1 (Build 1021) Plugin feed version : 200906130634 Type of plugin feed : HomeFeed (Non-commercial use only) Scanner IP : 192.168.1.66 Port scanner(s) : nessus_syn_scanner Port range : default Thorough tests : no Experimental tests : no Paranoia level : 1 Report Verbosity : 1 Safe checks : yes Optimize the test : yes CGI scanning : disabled Max hosts : 40 Max checks : 5 Recv timeout : 5 Backports : None Scan Start Date : 2009/6/13 13:26 Scan duration : 455 sec Nessus ID : 19506

Ethernet card brand

Synopsis : The manufacturer can be deduced from the Ethernet OUI. Description : Each ethernet MAC address starts with a 24-bit ‘Organizationally Unique Identifier’. These OUI are registered by IEEE. See also : http://standards.ieee.org/faqs/OUI.html http://standards.ieee.org/regauth/oui/index.shtml Risk factor : None Plugin output : The following card manufacturers were identified : 00:24:7d:80:ed:69 : Nokia Danmark A/S Nessus ID : 35716

Well tonight I decided not to go to bed at a normal time, stayed up a bit later and ran an Nmap network scan against my phone to see if i could find any backdoors or vulnerabilities for the device. i ran an intese scan against my phone

What i found was i can Ping the device successfully

My phone is currently Nokia’s E71

After running the nmap command “nmap -sS -sU -T4 -A -v -PE -PA21,23,80,3389 192.168.1.254″, i got the following output :

Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-08 22:31 GMT Daylight Time

NSE: Loaded 28 scripts for scanning.

Initiating ARP Ping Scan at 22:31

Scanning 192.168.1.75 [1 port]

Completed ARP Ping Scan at 22:31, 0.25s elapsed (1 total hosts)

Initiating Parallel DNS resolution of 1 host. at 22:31

Completed Parallel DNS resolution of 1 host. at 22:31, 0.00s elapsed

Initiating SYN Stealth Scan at 22:31

Scanning Unknown-00-24-7d-80-ed-69.home (192.168.1.75) [1000 ports]

Increasing send delay for 192.168.1.75 from 0 to 5 due to 39 out of 96 dropped probes since last increase.

Completed SYN Stealth Scan at 22:31, 8.67s elapsed (1000 total ports)

Initiating UDP Scan at 22:31

Scanning Unknown-00-24-7d-80-ed-69.home (192.168.1.75) [1000 ports]

Increasing send delay for 192.168.1.75 from 0 to 50 due to 11 out of 26 dropped probes since last increase.

Increasing send delay for 192.168.1.75 from 50 to 100 due to max_successful_tryno increase to 5

Increasing send delay for 192.168.1.75 from 100 to 200 due to max_successful_tryno increase to 6

Warning: Giving up on port early because retransmission cap hit.

UDP Scan Timing: About 9.70% done; ETC: 22:37 (0:04:49 remaining)

UDP Scan Timing: About 15.51% done; ETC: 22:38 (0:05:32 remaining)

UDP Scan Timing: About 28.01% done; ETC: 22:39 (0:05:11 remaining)

UDP Scan Timing: About 36.07% done; ETC: 22:39 (0:04:49 remaining)

UDP Scan Timing: About 42.61% done; ETC: 22:39 (0:04:24 remaining)

UDP Scan Timing: About 48.80% done; ETC: 22:39 (0:04:00 remaining)

UDP Scan Timing: About 54.80% done; ETC: 22:39 (0:03:34 remaining)

UDP Scan Timing: About 60.54% done; ETC: 22:39 (0:03:08 remaining)

UDP Scan Timing: About 66.53% done; ETC: 22:39 (0:02:42 remaining)

UDP Scan Timing: About 72.54% done; ETC: 22:39 (0:02:13 remaining)

UDP Scan Timing: About 78.89% done; ETC: 22:39 (0:01:42 remaining)

UDP Scan Timing: About 84.37% done; ETC: 22:39 (0:01:16 remaining)

UDP Scan Timing: About 90.63% done; ETC: 22:39 (0:00:46 remaining)

Completed UDP Scan at 22:42, 638.74s elapsed (1000 total ports)

Initiating Service scan at 22:42

Scanning 245 services on Unknown-00-24-7d-80-ed-69.home (192.168.1.75)

Service scan Timing: About 0.41% done

Service scan Timing: About 6.53% done; ETC: 23:10 (0:26:14 remaining)

Service scan Timing: About 12.65% done; ETC: 23:04 (0:18:59 remaining)

Service scan Timing: About 18.78% done; ETC: 23:01 (0:15:52 remaining)

Service scan Timing: About 24.90% done; ETC: 23:00 (0:13:50 remaining)

Service scan Timing: About 31.02% done; ETC: 23:00 (0:12:14 remaining)

Service scan Timing: About 37.14% done; ETC: 22:59 (0:10:52 remaining)

Service scan Timing: About 43.27% done; ETC: 22:59 (0:09:37 remaining)

Service scan Timing: About 49.39% done; ETC: 22:59 (0:08:27 remaining)

Service scan Timing: About 55.51% done; ETC: 22:58 (0:07:21 remaining)

Service scan Timing: About 61.63% done; ETC: 22:58 (0:06:17 remaining)

Service scan Timing: About 67.76% done; ETC: 22:58 (0:05:14 remaining)

Service scan Timing: About 73.88% done; ETC: 22:58 (0:04:13 remaining)

Service scan Timing: About 80.00% done; ETC: 22:58 (0:03:13 remaining)

Service scan Timing: About 86.12% done; ETC: 22:58 (0:02:13 remaining)

Service scan Timing: About 92.24% done; ETC: 22:58 (0:01:14 remaining)

Completed Service scan at 22:58, 935.05s elapsed (245 services on 1 host)

Initiating OS detection (try #1) against Unknown-00-24-7d-80-ed-69.home (192.168.1.75)

NSE: Script scanning 192.168.1.75.

NSE: Starting runlevel 1 scan

Initiating NSE at 22:58

Completed NSE at 22:58, 30.02s elapsed

NSE: Script Scanning completed.

Host Unknown-00-24-7d-80-ed-69.home (192.168.1.75) is up (0.068s latency).

All 2000 scanned ports on Unknown-00-24-7d-80-ed-69.home (192.168.1.75) are closed (1755) or open|filtered (245)

MAC Address: 00:24:7D:80:ED:69 (Unknown)

Device type: switch|general purpose|phone

Running: Bay Networks embedded, IBM i5/OS V5, Nokia Symbian OS 9.X|10.X, Sony Ericsson embedded, Sony Ericsson Symbian OS 9.X

Too many fingerprints match this host to give specific OS details

Network Distance: 1 hop

So as you can see, no port open to go probing at, ill have to rethink how to hack my phone but thtat i for a later date