Re: Tools for voicemail testing?

From: Alexandre Bezroutchko (pentest7_at_scanit.be)
Date: 06/03/03

  • Next message: Alfred Huger: "New Focus Areas on SecurityFocus.com X-POST" 
    Date: Tue, 03 Jun 2003 15:15:19 +0200
To: pen-test@securityfocus.com

      Hi,

    I have some custom tools (hardware and software) I use in voice-mail
    audits. It allows
    to automate pretty much any dialogue with voice mail systems. You
    capture audio samples
    from the target voice mail system and then write a Perl script using
    external library which
    implements function such as audio pattern recognition.

    For example, algorithms similar to one below (I do not have access to
    the original veresion
    right now) was tested on several voice mail systems and gave very
    impressive results -- full
    keyspace search (4 digits) in 15 hours. Apparently, it is much faster
    than most people think
    is possible ;).

    ---------------------------------------------------------------------
    for(;;) {
       hangup
       dial $voicemail_number

       wait_for "voicemail_prompt.pat"
       send dmtf "*"

      for(;;) {
        $pin = get_new_pin_from_dictionary()

        wait for "enter_your_pin_code.pat"
        send dtmf $pin

        $answer = wait for "invalid_pin.pat", "hangup.pat"
        last if $answer eq "hangup.pat"
        next if $answer eq "invalid_pin.pat"

        print "Suspicious pin code '$pin\n"
        last;
      }
    }
    ---------------------------------------------------------------------

    Similar techniques can be used to automatically traverse through
    voice mail menu tree, sending strange sequences of DTMF (or some other)
    tones to the system and analyse responce.

    I have developed it for in-house use. We do not give it away for free,
    but it is not a commercial-grade
    software either. If you are interested, contact me and we can discuss
    licensing terms. 

    -- 
Alexandre Bezroutchko
Scanit n.v., Belgium
http://www.scanit.be/
-------- Original Message --------
Subject: Tools for voicemail testing?
Date: Sun, 1 Jun 2003 23:26:56 -0700 (PDT)
From: "Todd A. Jacobs" <tjacobs-keyword-ptest01.f946df@codegnome.org>
To: pen-test@securityfocus.com
I've been Googling for about four hours tonight, and haven't been able to
turn up any current tools for performing brute-force attacks on voicemail
boxes. Does anyone know of any FOSS or commercial tools for performing
this sort of test?
-- 
The DMCA is anti-consumer. The RIAA has no right to rewrite copyright
laws to suit themselves.
---------------------------------------------------------------------------
----------------------------------------------------------------------------
  • Next message: Alfred Huger: "New Focus Areas on SecurityFocus.com X-POST"