Penetration Testing mailing list archives

Re: [PEN-TEST] PBX Security

From: "Gallicchio, Florindo (2282)" <florindo.gallicchio () ESAVIO COM>
Date: Wed, 4 Oct 2000 12:14:26 -0400

Noah:

I realize that as a consulting company you expended resources to obtain the
information you mentioned in your post.  In keeping with the open-exchange
spirit of the Pen-Test list, would you consider sharing that information
with the members of the list?  Or, do you know of a Web site on which we
could find that information?

Florindo

-----Original Message-----
From: Dunker, Noah
To: PEN-TEST () SECURITYFOCUS COM
Sent: 10/4/00 11:44 AM
Subject: Re: [PEN-TEST] PBX Security

I've only audited Meridian systems... but from my experience... you can
get
some pretty good information to start with.

This is how I got the info I did:

1) Got installation manuals for the whole system.
2) Got copies of The system Coordinator Guides.  For a Meridian Norstar
PBX,
These Books are called "Norstar Modular DR5 System Coordinator Guide",
"Norstar Modular DR5 Installer Guide", and I got the Installation Guide
for
the voice-Mail system (which happened to be StarTalk Flash).  I know
I've
seen a DR5.1 of these same manuals...

I then called up a company that installs the systems, and acted like I
was
interested.  Yes, this is social engineering a third party, but it was
necessary for what I was doing.  I asked to talk specifically to one of
their installation and troubleshooting engineers because "one of my guys
had
some really technical questions".  I took him out to lunch, drank some
beer,
and in the end, I got him to give me photocopies of some "undocumented"
feature codes, including one which can reset the administrator PIN.

I learned the default passwords for the PBX, and a whole ton of feature
codes just from reading the manuals.  With all the resources I got, any
meridian norstar PBX is 100% open to me.

It's unfair to use a known back-door when pen-testing.  The back-door on
Norstar is pretty hard to stumble across, but it is nice to know the
default
passcodes, and test for things like that.  Good luck!

-----Original Message-----
From: Joe Traietta [mailto:JTraietta () ASAHIBANKNY COM]
Sent: Wednesday, October 04, 2000 9:07 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: PBX Security


I have been asked to perform a security review on the PBX system (NEC
NEAX
2000 IVS) at my company.  I have virtually no PBX experience, so I was
hoping somebody could point me to a good resource, or pass along some
personal experience about reviewing / auditing a PBX system.

Thank you.

Joseph Traietta
Data Security Officer
Asahi Bank, New York Branch

Current thread:

[PEN-TEST] PBX Security Joe Traietta (Oct 04)
- Re: [PEN-TEST] PBX Security David Spinks (Oct 04)
- Re: [PEN-TEST] PBX Security Frasnelli, Dan (Oct 04)
- Re: [PEN-TEST] PBX Security Talisker (Oct 04)
- <Possible follow-ups>
- Re: [PEN-TEST] PBX Security PRAYAGSING MUKESH (Oct 04)
- Re: [PEN-TEST] PBX Security Dunker, Noah (Oct 04)
- Re: [PEN-TEST] PBX Security David Alexander (Oct 04)
- Re: [PEN-TEST] PBX Security Gallicchio, Florindo (2282) (Oct 04)
- Re: [PEN-TEST] PBX Security Loschiavo, Dave (Oct 04)
  - Re: [PEN-TEST] PBX Security Mark L. Jackson (Oct 05)
- Re: [PEN-TEST] PBX Security Curphey, Mark (ISS Atlanta) (Oct 04)
- Re: [PEN-TEST] PBX Security Fricke, Gregory D. (Oct 04)
- Re: [PEN-TEST] PBX Security Ben Grubin (Oct 04)
- Re: [PEN-TEST] PBX Security Dunker, Noah (Oct 04)
- Re: [PEN-TEST] PBX Security Davidson,Sam (Oct 04)
- Re: [PEN-TEST] PBX Security Alex Balayan (Oct 04)