Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Hacking into a Windows CE PDA?

from [matthew wollenweber] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Hacking into a Windows CE PDA?
Date: Thu, 28 Jun 2007 11:40:51 -0400 
It's pretty easy to attack Windows Mobile. There was a good presentation at
Shmoocon 07 regarding that topic. If you can grab the slides it would be a
good starting point.

If you get physical access the game is over. Generally the things mount
automagically as a hard drive. Even if they don't 9 times out of 10 the
password is only a 4 digit numeric deal.

If you really want to exploit the thing Ida supports Windows CE files.
Generally the programs are very badly written so if you start fuzzing you'll
find something quickly. They're a bit of overhead to all that. You need the
SDK, the virtual Windows mobile device, and a newer version of Ida. However,
it's been my experience that that most Mobile apps crash on their own. So, a
couple minutes fuzzing is generally all you need.


On 6/28/07, rx8volution <rx8volution@ishackingyou.com> wrote: 

Hello folks,

    I have the occasion of needing to get an opinion on how 'difficult'
it would be to hack into (bypassing the 10-guess password limit, and
assuming complex passwords) a Windows 2003 Mobile Edition PDA.

    Thoughts?

Thanks.  //RX8volution.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




--
Matthew  Wollenweber
mwollenweber@gmail.com | mjw@cyberwart.com
www.cyberwart.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] Hacking into a Windows CE PDA?, Joey Mengele
Next by Date:  Re: [Full-disclosure] Persistent XSS and CSRF on networkappliance[subject corrected :) ], Glenn.Everhart
Previous by Thread:  [Full-disclosure] Hacking into a Windows CE PDA?, rx8volution
Next by Thread:  Re: [Full-disclosure] Hacking into a Windows CE PDA?, James Matthews
Indexes:  [Date] [Thread] [Top] [All Lists]