Penetration Testing mailing list archives
Re: Tools for voicemail testing?
From: Alexandre Bezroutchko <pentest7 () scanit be>
Date: Tue, 03 Jun 2003 15:15:19 +0200
Hi,I have some custom tools (hardware and software) I use in voice-mail audits. It allows to automate pretty much any dialogue with voice mail systems. You capture audio samples from the target voice mail system and then write a Perl script using external library which
implements function such as audio pattern recognition.For example, algorithms similar to one below (I do not have access to the original veresion right now) was tested on several voice mail systems and gave very impressive results -- full keyspace search (4 digits) in 15 hours. Apparently, it is much faster than most people think
is possible ;).
---------------------------------------------------------------------
for(;;) {
hangup
dial $voicemail_number
wait_for "voicemail_prompt.pat"
send dmtf "*"
for(;;) {
$pin = get_new_pin_from_dictionary()
wait for "enter_your_pin_code.pat"
send dtmf $pin
$answer = wait for "invalid_pin.pat", "hangup.pat"
last if $answer eq "hangup.pat"
next if $answer eq "invalid_pin.pat"
print "Suspicious pin code '$pin\n"
last;
}
}
---------------------------------------------------------------------
Similar techniques can be used to automatically traverse through
voice mail menu tree, sending strange sequences of DTMF (or some other)
tones to the system and analyse responce.
I have developed it for in-house use. We do not give it away for free,
but it is not a commercial-grade
software either. If you are interested, contact me and we can discuss
licensing terms.
-- Alexandre Bezroutchko Scanit n.v., Belgium http://www.scanit.be/ -------- Original Message -------- Subject: Tools for voicemail testing? Date: Sun, 1 Jun 2003 23:26:56 -0700 (PDT) From: "Todd A. Jacobs" <tjacobs-keyword-ptest01.f946df () codegnome org> To: pen-test () securityfocus com I've been Googling for about four hours tonight, and haven't been able to turn up any current tools for performing brute-force attacks on voicemail boxes. Does anyone know of any FOSS or commercial tools for performing this sort of test? -- The DMCA is anti-consumer. The RIAA has no right to rewrite copyright laws to suit themselves. --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Tools for voicemail testing? Todd A. Jacobs (Jun 02)
- Re: Tools for voicemail testing? Mark Rowe (Jun 03)
- Re: Tools for voicemail testing? Chris Hall (Jun 03)
- <Possible follow-ups>
- Re: Tools for voicemail testing? Cory . Bys (Jun 02)
- RE: Tools for voicemail testing? Rob Shein (Jun 02)
- Re: Tools for voicemail testing? Alexandre Bezroutchko (Jun 03)
- RE: Tools for voicemail testing? Stephan Barnes (Jun 04)
- RE: Tools for voicemail testing? Todd A. Jacobs (Jun 09)