Re: [PEN-TEST] PBX Security-norstar systems

[jason <nonsequiter19 () HOTMAIL COM>]

the DR5 is still in service and quite common, but no longer current.
nortel's current phone systems are the Compact ICS and Modular ICS. they
have remote admin, and there is a win 95/NT admin program available called
'Norstar PC Console Attendant', which directly mimics the functions of the
model 7310 telephone.
most companies dont bother to change the default password.




> I've only audited Meridian systems... but from my experience... you can get
> some pretty good information to start with.
>
> This is how I got the info I did:
>
> 1) Got installation manuals for the whole system.
> 2) Got copies of The system Coordinator Guides.  For a Meridian Norstar
> PBX,
> These Books are called "Norstar Modular DR5 System Coordinator Guide",
> "Norstar Modular DR5 Installer Guide", and I got the Installation Guide for
> the voice-Mail system (which happened to be StarTalk Flash).  I know I've
> seen a DR5.1 of these same manuals...
>
> I then called up a company that installs the systems, and acted like I was
> interested.  Yes, this is social engineering a third party, but it was
> necessary for what I was doing.  I asked to talk specifically to one of
> their installation and troubleshooting engineers because "one of my guys
> had
> some really technical questions".  I took him out to lunch, drank some
> beer,
> and in the end, I got him to give me photocopies of some "undocumented"
> feature codes, including one which can reset the administrator PIN.
>
> I learned the default passwords for the PBX, and a whole ton of feature
> codes just from reading the manuals.  With all the resources I got, any
> meridian norstar PBX is 100% open to me.
>
> It's unfair to use a known back-door when pen-testing.  The back-door on
> Norstar is pretty hard to stumble across, but it is nice to know the
> default
> passcodes, and test for things like that.  Good luck!
>
> -----Original Message-----
> From: Joe Traietta [mailto:JTraietta () ASAHIBANKNY COM]
> Sent: Wednesday, October 04, 2000 9:07 AM
> To: PEN-TEST () SECURITYFOCUS COM
> Subject: PBX Security
>
>
> I have been asked to perform a security review on the PBX system (NEC NEAX
> 2000 IVS) at my company.  I have virtually no PBX experience, so I was
> hoping somebody could point me to a good resource, or pass along some
> personal experience about reviewing / auditing a PBX system.
>
> Thank you.
>
> Joseph Traietta
> Data Security Officer
> Asahi Bank, New York Branch

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at
http://profiles.msn.com.