Penetration Testing mailing list archives
RE: pentesting voip network-please help
From: 김무성 <kimms () infosec co kr>
Date: Wed, 3 Feb 2010 09:21:20 +0900
Hello.

Try to check this

000000000000.cfg
000000000000-directory~.xml
323tosip1_1.bin
4601_02_readme_R2_3.txt
4601dbte1_82.bin
4602_02SWSIPreadme_R1_1.txt
4602dbte1_82.bin
4602sbte1_82.bin
4610_20_readme_R2_3.txt
4610_20_readme_SIP_R2_2.txt
4624_12_06readme_1_8_3.txt
4625_readme_2_5.txt
4690_010707.bin
4690_readme_1_7_7.txt
46xxreadme_111405.txt
46xxsettings.txt
46xxupgrade.scr
a01d01b2_3.bin
a02d01b2_3.bin
a10d01b2_3.bin
a20d01a2_3.bin
a20d01b2_3.bin
a25d01a2_5.bin
b01d01b2_3.bin
b02d01b2_3.bin
b10d01b2_3.bin
b20d01a2_3.bin
b20d01b2_3.bin
b25d01a2_5.bin
bbla0_83.bin
bootrom.ld
cisco_util
CP7912010301SIP050608A.sbin
cvt01_2_3.bin
cvt02_2_3.bin
cvt02sw_2_3.bin
def06r1_8_3.bin
def24r1_8_3.bin
dialplan.xml
gkdefault.cfg
infrared.txt
merlin2.pcm
OS79XX.TXT
P003-07-5-00.bin
P003-07-5-00.sbn
P0S3-07-5-00.bin
P0S3-07-5-00.loads
P0S3-07-5-00.sb2
phbook00e011010455.txt
phone1.cfg
release.xml
RINGLIST.DAT
s10d01b2_2.bin
s20d01b2_2.bin
SEP000F34118045.cnf
SEP001562EA69E8.cnf
SEPDefault.cnf
SIP000F34118045.cnf
SIPinsertMAChere.cnf
SIP000F34118045.cnf
SIPinsertMAChere.cnf
SIPinsertMAChere.cnf
sip_4602ap1_1.ebin
sip_4602bt1_1.ebin
sip_4602D01A.txt
sip_4602D02A.txt
sip.cfg
SIPDefault.cnf
sip.ld
sipto323_1_1.ebin
sip.ver
SoundPointIPLocalization
SoundPointIPWelcome.wav
syncinfo.xml
test
test.txt
uip200_463enc.pac
uniden00e011030397.txt
unidencom.txt
XMLDefault.cnf.xml

For call sniffing, you have to ARP spoof or make a hub network.
ARP spoof between the gateway and your computer.

Try~!

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of mzcohen2682 () aim com
Sent: Saturday, January 30, 2010 3:16 AM
To: pen-test () securityfocus com
Subject: pentesting voip network-please help

hi all !!

I'm doing an internal (LAN) pentest for a VoIP network. The network has 6 Cisco Call Manager version 6.1.3 as a cluster. They have Cisco phones 7911 and 7941. They use a separate VLAN for the VoIP network.

I started by trying to download the image files for the phones from the TFTP server by doing a brute force attack for the names of the files. I have access to one of the 7941 phones, so I checked that the version of the image is 4.0/8.0 (9.0). I'm not sure what the names should be for the file images that the phones reload after boot, but according to Cisco documentation there must be SIPdefault.cnf and OS79xx.txt in the root directory of the TFTP server. But I tried and they are not there.. so what are the names of the files? I read a document that said that if I am able to download those files I will find lots of interesting information like phone passwords etc..

After that... I tried to capture some RTP conversations but without any success. I am connected to the VoIP VLAN and used Wireshark but it doesn't detect any calls! Should I do some ARP spoofing attack? But to which MACs?

Any other ideas how to continue with this pentest? What I see is that although the client didn't implement encryption or any other security control, just the VLAN, it is not so easy to pentest a VoIP network..

thanks

marco

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
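A defender's view of the TFTP file-name guessing discussed in this thread, as an added example that is not part of the original messages: it flags sources that request many distinct file names and mostly miss. The log format, the IP addresses, the thresholds and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Hypothetical one-line-per-request log format (an assumption, not the
# format of any particular TFTP server); adapt LINE_RE to your own logs.
LINE_RE = re.compile(
    r"^\S+ RRQ src=(?P<src>\S+) file=(?P<file>\S+) status=(?P<status>OK|NOTFOUND)$")

def sample_log():
    """Constructed sample: a booting phone, a retrying phone, a guessing host."""
    rows = [("10.10.20.31", n, "OK")
            for n in ("SEP001562EA69E8.cnf", "XMLDefault.cnf.xml", "RINGLIST.DAT")]
    # A phone retrying its own missing config: many misses, but one name.
    rows += [("10.10.20.32", "SEP000F34118045.cnf", "NOTFOUND")] * 10
    # A host guessing names: many distinct names, almost all missing.
    guesses = ("SIPDefault.cnf", "OS79XX.TXT", "sip.cfg", "phone1.cfg",
               "bootrom.ld", "46xxsettings.txt", "dialplan.xml")
    rows += [("10.10.20.99", n, "NOTFOUND") for n in guesses]
    rows.append(("10.10.20.99", "XMLDefault.cnf.xml", "OK"))
    return "\n".join(f"2010-02-03T09:00:00 RRQ src={s} file={f} status={st}"
                     for s, f, st in rows)

def find_enumerators(log_text, min_distinct=6, min_miss_ratio=0.7):
    """Return sources that asked for many distinct names and mostly missed."""
    stats = defaultdict(lambda: {"files": set(), "requests": 0, "misses": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines in any other format
        s = stats[m["src"]]
        s["files"].add(m["file"].lower())  # count case variants of a name once
        s["requests"] += 1
        s["misses"] += m["status"] == "NOTFOUND"
    flagged = {}
    for src, s in stats.items():
        if (len(s["files"]) >= min_distinct
                and s["misses"] / s["requests"] >= min_miss_ratio):
            flagged[src] = {"distinct": len(s["files"]),
                            "misses": s["misses"], "requests": s["requests"]}
    return flagged

if __name__ == "__main__":
    for src, info in find_enumerators(sample_log()).items():
        print(src, info)
```

Requiring both many distinct names and a high miss ratio keeps a phone that retries its own missing configuration file from being flagged.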