Penetration Testing mailing list archives
Re: Pbx testing
From: "lion nagar" <lionbsd () gmail com>
Date: Wed, 14 Jun 2006 20:19:51 +0200
Hi, well a general list would be: 1. default passwords, almost all PBX's got default passwords on them, some PBX's even got ftp servers on them to upload files, or delete them... 2. supervisor console phone. most companies have at least 1 console phone with access to administrative " feature access codes", some would let you disable phones, move phone extensions, listening to calls, divert calls ,etc... if you are really lucky and the system guy is just "copy" extensions there might be even more than 1. 3. "call menu", scan the phone number range, try calling the reception desk at night, you might get a voice recorded greeting you to enter an extension, some of the administrators don't validate the digits entered and you can abuse the system for long distance calls, or even some of the "feature access codes" mentioned above. 4. most companies have their PBX connected to a phone line for maintenance from a 3'rd party, installing licenses, maintenance, etc... get that number and try getting in from home. there are few more issues with PBX's, and some companies really depends on the phone system for the company to work (call centers, telemarketing, etc..) and since Internet has gone everywhere people pay less attention to their telephone system, and leave a lot of holes. hope that helps a bit, Lior On 6/13/06, Grizzly <grizzly () bee-side net> wrote:
Hi list, have someone any idea about general pbx testing (assessment, pentest)? Thanks! -- Massimiliano Spini GnuPG ID 5113DFD8 GnuPG Fp A2E0 097F 008B 76FE DCBA 6BC4 8261 4587 5113 DFD8 ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
------------------------------------------------------------------------------ This List Sponsored by: CenzicConcerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------
Current thread:
- Pbx testing Grizzly (Jun 13)
- Re: Pbx testing lion nagar (Jun 14)
- <Possible follow-ups>
- Re: Pbx testing Marco Ivaldi (Jun 27)