Security Basics mailing list archives
Re: Seeking Information regarding VoIP security Assessment
From: "Ivan ." <ivanhec () gmail com>
Date: Thu, 15 Oct 2009 08:41:23 +1100
some dude posted this a while back - haven't tried it myself yet.....

++++++++++++++++++++++++++++++++++++++++++++++++++++++

I am pretty new to the list and just wanted to let everyone know that I have developed a VoIP security live distribution called VAST. The distro includes VoIP security assessment tools such as UCsniff, VoipHopper, Videojak, videosnarf, ACE, Warvox, and a number of other useful tools along with traditional security assessment tools like Metasploit, Nmap, Netcat, Hydra, Hping2 and others.

The link for the distro is http://vipervast.sourceforge.net. The distro is still in a very beta stage and suggestions are welcome.

Cheers,
Mike Jones
C|EH E|CSA ACSA GCIH GHTQ GHD
6e6f7468696e67206973206173206974207365656d73

++++++++++++++++++++++++++++++++++++++++++++++++++++++

On Thu, Oct 15, 2009 at 5:14 AM, J. Oquendo <cisa () e-fensive net> wrote:
Abhishek Kumar wrote:

Really very helpful suggestions and resources. Actually I have been given a task to write 2-3 page writeup on VoIP Security and how we can do VoIP security assessment.

regards
abhi

Depends on what your goal(s) is/are. For example, snooping (eavesdropping) is accomplished by sniffing the wire and recompiling the audio (RTP or other protocol used http://www.ietf.org/rfc/rfc3550.txt?number=3550) which would affect confidentiality. With any kind of packet injection tool and knowledge of SIP (if SIP is targeted) you could do some interesting things. Because most VoIP equipment are using a client server set-up and almost ALL VoIP based phones have a web interface, they're DoSable, prone to the same attacks as any other HTTP server.

Imagine the following: Using curl being able to reset variables. Not a big deal at first glimpse, however imagine this:

Scenario1: You change your caller ID as that of an employee. Call IT and tell them "reset my X (voicemail, email, etc.) password" Because the IT guy wants to validate you he uses caller ID and does so.

Scenario2: You change your caller ID as that of an employee. Call IT and tell them "reset my X (voicemail, email, etc.) password" Because the IT guy wants to validate you he refuses to use caller ID and tells you he will call you right back. At this point if you DoS'd the phone it wouldn't receive calls hence them going into voicemail. In comes perl, curl or whatever packet builder you prefer... Perform a POST to the phone or server, depending on your craftiness and time, reset the voicemail PIN. Go into the user's voicemail, instant pentesting gratification.

There are plenty of ways to abuse VoIP - the facts are facts though - it's just data. From a sniffing/PITA perspective, you could snoop calls, splice together audio and create your own soundboard WITH that person's voice - perhaps bypassing voice recognition. Sky's the limit when you have a focus on what it is you want to do.

So ask yourself that first... What is it you want to do... Capture data, manipulate data, etc. I know quite a few revisions of firmware on certain phone vendors that I can re-write POSTS and reset phones, passwords, change names, insert a call forward argument. It all boils down to what is it you're trying to accomplish.

In the case of an assessment, the approach for me would be to start at the ground up. Test the security of the phone application itself (HTTP scanner), test if any ports are open and why - which means you'd have to have literature from the manufacturer, test the tamperability of the connection (can you sniff the wire, any vlans (VLAN hopping), can you perform posts/injections, etc). Follow the same steps you would for any client server.

--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP

"It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently." - Warren Buffett

227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
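An added example, not part of the original posts or of any tool they mention: a defender's check for the phone web-interface exposure J. Oquendo describes, flagging state-changing HTTP requests to phone web interfaces that originate outside the management network. The Common Log Format source, the management subnet and the URL paths are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: requests to the phones' web interfaces are logged in Common Log
# Format (by a proxy or the device). The management subnet is hypothetical.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample log lines; addresses and paths are not from a real device.
SAMPLE_LOG = """\
10.20.0.5 - admin [15/Oct/2009:08:01:10 +1100] "POST /config/sip HTTP/1.1" 200 312
10.50.3.77 - - [15/Oct/2009:08:02:44 +1100] "GET /index.html HTTP/1.1" 200 1024
10.50.3.77 - - [15/Oct/2009:08:02:51 +1100] "POST /config/callforward HTTP/1.1" 200 98
10.50.3.77 - - [15/Oct/2009:08:03:02 +1100] "POST /config/voicemail HTTP/1.1" 200 87
10.50.9.12 - - [15/Oct/2009:08:05:00 +1100] "POST /config/voicemail HTTP/1.1" 401 0
"""

CLF = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

STATE_CHANGING = {"POST", "PUT", "DELETE"}


def is_mgmt(addr):
    """True if addr parses as an IP inside an allowed management network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparseable source is never trusted
    return any(ip in net for net in MGMT_NETS)


def flag_config_writes(log_text):
    """Return (source, path, unauthenticated, outcome) for each write from outside mgmt."""
    findings = []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m or m["method"] not in STATE_CHANGING or is_mgmt(m["src"]):
            continue
        status = int(m["status"])
        # 2xx/3xx means the device accepted the write; anything else was only an attempt.
        outcome = "changed" if 200 <= status < 400 else "attempted"
        findings.append((m["src"], m["path"], m["user"] == "-", outcome))
    return findings
```

An accepted, unauthenticated write to a call-forward or voicemail setting is the event worth alerting on; rejected attempts are still useful as early warning.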
Current thread:
- Seeking Information regarding VoIP security Assessment Abhishek Kumar (Oct 14)
- Re: Seeking Information regarding VoIP security Assessment Lim Ming Wei (Oct 14)
- Re: Seeking Information regarding VoIP security Assessment Jon Kibler (Oct 14)
- Re: Seeking Information regarding VoIP security Assessment Abhishek Kumar (Oct 15)
- Re: Seeking Information regarding VoIP security Assessment Nikhil Wagholikar (Oct 14)
- RE: Seeking Information regarding VoIP security Assessment SOC (Oct 14)
- Message not available
- Re: Seeking Information regarding VoIP security Assessment Abhishek Kumar (Oct 14)
- Re: Seeking Information regarding VoIP security Assessment J. Oquendo (Oct 14)
- Re: Seeking Information regarding VoIP security Assessment Ivan . (Oct 15)
- Re: Seeking Information regarding VoIP security Assessment Abhishek Kumar (Oct 14)
- Re: Seeking Information regarding VoIP security Assessment Rick Zhong (Oct 15)
- Re: Seeking Information regarding VoIP security Assessment DiPo (Oct 15)
- Re: Seeking Information regarding VoIP security Assessment J. Oquendo (Oct 15)
- Re: Seeking Information regarding VoIP security Assessment DiPo (Oct 15)