In the first part of this series we discussed VoIP penetration testing and its security risks; this is the second part of the article/tutorial. VoIP and wireless security is an important field to discuss because the security risks are very high, so below is a demonstration of VoIP hacking with different tools. The operating system used for the demonstration was Linux BackTrack 5 R2.
Sniffing on VoIP Network
The concept of sniffing on a VoIP network is the same as general network sniffing. I will use some of the most famous tools to demonstrate the sniffing attack on a VoIP network. Let us start with Wireshark, which is able to capture VoIP traffic.
Now let's suppose the end users (extensions) are busy communicating with each other, and that an attacker is trying to capture some traffic so that he/she will be able to get the data (their communication).
Wireshark has captured some traffic. As discussed earlier in the protocol section, the RTP packets carry the actual conversation. The question now is: how do we extract information from these packets? Wireshark provides a built-in feature for VoIP that does this. Click on the Telephony menu, then on VoIP Calls. You will then get this window:
Click on Player, then on Decode. You are now able to listen in to this communication, with all of the data available as an audio file.
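What the VoIP Calls player does behind the scenes is parse the RTP headers, group packets by SSRC and put them back in sequence order. The following parser is an added example written for this article, not part of Wireshark or the original post; the sample packets are constructed in the code.

```python
import struct
from collections import defaultdict

# RTP fixed header (RFC 3550, section 5.1): 12 bytes, network byte order.
RTP_HEADER = struct.Struct("!BBHII")

def parse_rtp(packet):
    """Parse one RTP packet into header fields plus payload; None if not RTP v2."""
    if len(packet) < RTP_HEADER.size:
        return None
    b0, b1, seq, ts, ssrc = RTP_HEADER.unpack_from(packet)
    if b0 >> 6 != 2:            # version check, as Wireshark does before decoding
        return None
    offset = RTP_HEADER.size + 4 * (b0 & 0x0F)   # skip the CSRC list
    if b0 & 0x10:                                 # header extension present
        if len(packet) < offset + 4:
            return None
        ext_words = struct.unpack_from("!HH", packet, offset)[1]
        offset += 4 + 4 * ext_words
    if len(packet) < offset:
        return None
    return {"payload_type": b1 & 0x7F,   # 0 = PCMU (G.711 u-law), 8 = PCMA
            "seq": seq, "timestamp": ts, "ssrc": ssrc,
            "payload": packet[offset:]}

def group_streams(packets):
    """Group payloads by SSRC and order by sequence number: the reassembly
    behind the "VoIP Calls" player. With plain RTP the ordered payloads are
    the raw codec audio, so an on-path sniffer can replay the call; SRTP
    leaves this header readable but the payload unusable without the key."""
    streams = defaultdict(dict)
    for pkt in packets:
        hdr = parse_rtp(pkt)
        if hdr is not None:
            streams[hdr["ssrc"]][hdr["seq"]] = hdr["payload"]
    return {ssrc: b"".join(p for _, p in sorted(s.items()))
            for ssrc, s in streams.items()}

def make_rtp(seq, ts, ssrc, payload, pt=0):
    """Build a constructed version-2 RTP packet (no CSRC, no extension)."""
    return RTP_HEADER.pack(0x80, pt, seq, ts, ssrc) + payload

# Constructed sample "capture": one PCMU stream arriving out of order, plus a
# SIP request that must be rejected as non-RTP.
SAMPLE_PACKETS = [
    make_rtp(2, 320, 0xDEADBEEF, b"\xaa" * 4),
    make_rtp(1, 160, 0xDEADBEEF, b"\xbb" * 4),
    make_rtp(3, 480, 0xDEADBEEF, b"\xcc" * 4),
    b"INVITE sip:600@192.168.1.3 SIP/2.0",
]
```

Running group_streams over a real capture's UDP payloads gives one byte string per SSRC; with SRTP in place the same code still parses the headers but the joined payload is ciphertext, which is the mitigation for this section.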
SIP Authentication Cracking (VoIP Cracking)
The importance of passwords is no secret, so in this section I will show you how to crack the password of any extension (user) on a VoIP network. This attack is the most dangerous, because if an attacker knows your password, he/she will be able to authenticate on the network using your identity.
The Wireshark capture can be used for authentication cracking. Save the capture as name.pcap; we will now use a wonderful tool called SIPcrack. It contains two programs: sipdump, which dumps the authentication data (the digest hashes) out of the capture, and sipcrack, which helps you crack the VoIP password.
root@bt:~/Desktop/SIPcrack# ./sipdump
SIPdump 0.3pre ( MaJoMu | www.codito.de
---------------------------------------
* Using pcap file 'aa.pcap' for sniffing
* Starting to sniff with packet filter
* Dumped login from 192.168.1.9 ->
Exiting, sniffed 1 logins
Sipcrack needs a wordlist to launch an attack; if the password is in the wordlist, it will give you the password.
Another wonderful tool that will help you crack SIP passwords is svcrack. Like the others, it can be found in the SIPVicious tool suite. Svcrack is wonderful for brute force attacks on SIP accounts.
root@bt:/pentest/voip/sipvicious#
| Extension | Password |
------------------------
| 600 | 12345 |
Denial of Service Attack on VoIP Network
A denial of service (DoS) attack is a dangerous attack that can cause the VoIP network and devices to crash. Inviteflood is the tool used to launch DoS attacks against any extension (user) on the VoIP network. Usage:
./inviteflood interface targetuser
./inviteflood eth0 600 192.168.1.3
It behaves like a "ping of death" attack: it will crash the end user's operating system, leaving him/her unable to make any calls.
Iaxflood is another good tool, which floods the IAX2 protocol; the usage is very simple:
root@bt:/pentest/voip/iaxflood#
usage: ./iaxflood sourcename
A simple run looks like this:
root@bt:/pentest/voip/iaxflood#
Will flood port 4569 from port 4569
We have IP_HDRINCL
Number of Packets sent:
Sent 10000
root@bt:/pentest/voip/iaxflood#
Metasploit on VoIP Penetration Testing
Metasploit has several auxiliary modules for VoIP networks. Here is a list of some of the best Metasploit auxiliary modules for VoIP hacking:
- auxiliary/scanner/sip/options (to find SIP-enabled devices)
- auxiliary/scanner/sip/enumerator (to enumerate the extensions)
Let us start the penetration testing by using Metasploit auxiliary modules for information gathering and enumeration. We can scan an entire network to find the SIP-enabled devices, and the Metasploit auxiliary modules are fast.
msf > use
msf auxiliary(options) > set RHOSTS
RHOSTS => 192.168.1.1/24
msf auxiliary(options) > run
[*] 192.168.1.3 sip:nobody@192.168.1.3
[*] 192.168.1.9 200 agent='Asterisk PBX
[*] 192.168.1.9 200 agent='Asterisk PBX
[*] Scanned 256 of 256 hosts (100%
[*] Auxiliary module execution completed
msf auxiliary(options) >
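The three activities shown above (svcrack password guessing, the inviteflood INVITE flood and the OPTIONS sweep) each leave a rate pattern that a SIP proxy or a span-port sensor can see, which is how a defender spots them. The following detector is an added example written for this article, not one of the BackTrack tools; the event format, the thresholds and the sample events are constructed assumptions.

```python
from collections import defaultdict

# Thresholds: events from one source inside WINDOW seconds. Tune per site.
WINDOW = 10.0
REGISTER_FAIL_LIMIT = 5    # svcrack-style password guessing
INVITE_LIMIT = 50          # inviteflood-style INVITE flood
OPTIONS_HOST_LIMIT = 8     # OPTIONS sweep across many hosts

def _recent(times, now):
    """Drop timestamps older than WINDOW, in place, and return the list."""
    times[:] = [ts for ts in times if now - ts <= WINDOW]
    return times

def detect_sip_abuse(events):
    """Return sorted (kind, src_ip) alerts for the three attack patterns.

    events: iterable of (time_s, src_ip, dst_ip, method, response_code) as a
    SIP proxy or span port would see them; response_code is None when the
    record is a request. A normal registration yields exactly one 401
    challenge, so the REGISTER threshold must stay well above one.
    """
    reg_fail, invites, options = defaultdict(list), defaultdict(list), defaultdict(list)
    alerts = set()
    for t, src, dst, method, code in sorted(events):
        if method == "REGISTER" and code in (401, 403):
            hits = _recent(reg_fail[src], t)
            hits.append(t)
            if len(hits) >= REGISTER_FAIL_LIMIT:
                alerts.add(("register_bruteforce", src))
        elif method == "INVITE" and code is None:
            hits = _recent(invites[src], t)
            hits.append(t)
            if len(hits) >= INVITE_LIMIT:
                alerts.add(("invite_flood", src))
        elif method == "OPTIONS" and code is None:
            recent = [(ts, d) for ts, d in options[src] if t - ts <= WINDOW]
            recent.append((t, dst))
            options[src] = recent
            if len({d for _, d in recent}) >= OPTIONS_HOST_LIMIT:
                alerts.add(("options_sweep", src))
    return sorted(alerts)

# Constructed sample traffic (not from a real capture): a phone registering
# normally, a password guesser, an INVITE flood and an OPTIONS sweep.
PBX = "192.168.1.3"
SAMPLE_EVENTS = (
    [(0.5, "192.168.1.20", PBX, "REGISTER", 401), (0.6, "192.168.1.20", PBX, "REGISTER", 200)]
    + [(float(i), "192.168.1.50", PBX, "REGISTER", 403) for i in range(6)]
    + [(100 + i * 0.01, "192.168.1.60", PBX, "INVITE", None) for i in range(60)]
    + [(200 + i * 0.5, "192.168.1.70", f"192.168.1.{i + 1}", "OPTIONS", None) for i in range(10)]
)
```

The legitimately registering phone produces no alert, while each of the three constructed attackers is flagged once; feeding the alerts into a firewall block list is the usual fail2ban-style response.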
VoIP Phishing
Security awareness is very important. Before concluding this article, I just want to briefly discuss VoIP phishing. Phishing is not a new attack (it is pretty old school), but it remains a threat because hackers usually use social engineering techniques to trick a user before stealing his/her credentials. You might have heard about email phishing, in which an attacker directs the victim to a fake page so that they will enter their confidential information. In the same fashion, a hacker can hijack your calls to get your credentials.
Let's suppose someone receives a call or email like this:
“Hi, this is an urgent email (call) that has been generated by the network administrator. We have found something wrong with your account, so please call back at XXXX-XXXX-XXX to verify your account.”
Typically, an unwary user will call back; the hacker may then ask for some confidential information. You need to understand the risk; educate people around you.