Penetration Testing mailing list archives

Re: pentesting voip network-please help


From: Yiannis Koukouras <ikoukouras () gmail com>
Date: Thu, 4 Feb 2010 15:20:03 +0200

Cain & Abel also has a very good VoIP sniffing feature. :)

Ioannis (Yiannis) Koukouras
CISSP, CISA, CISM
MSc in Computer Systems Security
BEng in Electronic Engineering
http://www.linkedin.com/in/ikoukouras


On Tue, Feb 2, 2010 at 3:54 PM, McGhee, Eddie <Eddie.McGhee () ncr com> wrote:

Hi Marco,

There are usually two TFTP servers configured for the 7941 phone; I would check in settings and try to connect to the second TFTP server if available. These are available under Settings -> Network configuration -> options 8 and 9 on the 7941 I have on my desk here.

Next I would look at where the busiest/most interesting RTP packets are coming from and choose which hosts to poison. If it is possible, get the IPs of staff high in the organization and ARP poison these clients, then sniff away.

Last piece of advice, which may be relevant or not: BackTrack is fully loaded with great tools for pentesting VoIP. Is this what you are using?

Regards

 phed

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of mzcohen2682 () aim com
Sent: 29 January 2010 18:16
To: pen-test () securityfocus com
Subject: pentesting voip network-please help





Hi all!!

I'm doing an internal (LAN) pentest for a VoIP network. The network has 6 Cisco Call Manager version 6.1.3 as a cluster. They have Cisco phones 7911 and 7941. They use a separate VLAN for the VoIP network.

I started by trying to download the image files for the phones from the TFTP server by doing a brute force attack for the names of the files.

I have access to one of the 7941 phones, so I checked that the version of the image is 4.0/8.0 (9.0). I'm not sure what the names should be for the image files that the phones reload after boot, but according to Cisco documentation there must be SIPdefault.cnf and OS79xx.txt in the root directory of the TFTP server. But I tried and they are not there.

So what are the names of the files? I read a document that said that if I am able to download those files I will find lots of interesting information like phone passwords etc.

After that... I tried to capture some RTP conversations but without any success. I am connected to the VoIP VLAN and used Wireshark but it doesn't detect any calls! Should I do some ARP spoofing attack? But to which MACs?

Any other ideas how to continue with this pentest?

What I see is that although the client didn't implement encryption or any other security control, just the VLAN, it is not so easy to pentest a VoIP network.

Thanks

Marco







------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

