Re: pentesting voip network-please help



Marco,

You might want to check out viper labs software download section (videojack videosnarf ucsniff) all useful tools, also checkout Defcon 17 achieve the did a nice presentation.
www.twitter.com/infolookup


-----Original Message-----
From: mzcohen2682@xxxxxxx
Date: Fri, 29 Jan 2010 13:14:04
To: <security-basics@xxxxxxxxxxxxxxxxx>
Subject: pentesting voip network-please help





hi all !!

im doing an internal (lan) pentest for a voip network. the network has
6 cisco call manager version 6.1.3 as a cluster. they have cisco phones
7911 and 7941. they use a seperate vlan por the voip network.

I started by trying to download the images files for the phones from
the tftp server by doing a brute force attack for the names of the
files.

I have access to one of the 7941 phones so I checked that the verion of
the image is 4.0/8.0 (9.0)
in not sure what should be the names for the file images that the
phones reload after boot but according to cisco documentation there
must be SIPdefault.cnf and OS79xx.txt on the root directory of the tftp
server. but I tried and there are not..

so what are the nemes of the files? I read a documents that said that
if im am able to download those files I will find lots of interseting
information like phone passwords etc..

after that... I tried to capture some RTP conversations but without any
success. I am connected to the voip vlan and used wireshark but It
doesnt detect any calles ! shoud I do some arp spoofing attack? but to
which mac's?

any other ideas how to continue with this pentest?

what I see is that although the client didnt implement encryption or
any other security control just the vlan isnt not so eaxy to pentest a
voip network..

thanks

marco









------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



Relevant Pages

  • RE: pentesting voip network-please help
    ... im doing an internal pentest for a voip network. ... I started by trying to download the images files for the phones from ... Information Assurance Certification Review Board ...
    (Pen-Test)
  • Re: pentesting voip network-please help
    ... Cain is a great tool for arp poisoning and information gathering and I believe it can also track and save voip calls. ... im doing an internal pentest for a voip network. ... I started by trying to download the images files for the phones from ...
    (Security-Basics)
  • pentesting voip network-please help
    ... im doing an internal pentest for a voip network. ... the network has 6 cisco call manager version 6.1.3 as a cluster. ... I started by trying to download the images files for the phones from the tftp server by doing a brute force attack for the names of the files. ...
    (Pen-Test)
  • pentesting voip network-please help
    ... im doing an internal pentest for a voip network. ... the network has 6 cisco call manager version 6.1.3 as a cluster. ... I started by trying to download the images files for the phones from the tftp server by doing a brute force attack for the names of the files. ...
    (Security-Basics)
  • Re: Paging Windows Smartphone users
    ... Bear amazed us all with this pearl of wisdom: ... > grief you could, at your discretion, download the "recovery" ROM thingy ... >>> It's all phones for you had. ... I wanted a holster. ...
    (uk.rec.motorcycles)