150 likes | 498 Views
VOIP EXPLOITS USING KALI LINUX TOOLS. PROJECT BY: KARNATI VAMSI KRISHNA VANKANA SIVA SAKETH REDDY. CONTENTS. Project Title Tools Used SIPSAK Metasploit XPLICO Implementations Problems Faced References. PROJECT TITLE. “Pen testing and Exploits using KALI Linux Tools”. TOOL USED.
E N D
VOIP EXPLOITS USING KALI LINUX TOOLS PROJECT BY: KARNATI VAMSI KRISHNA VANKANA SIVA SAKETH REDDY
CONTENTS • Project Title • Tools Used • SIPSAK • Metasploit • XPLICO • Implementations • Problems Faced • References
PROJECT TITLE “Pen testing and Exploits using KALI Linux Tools”
TOOL USED • SIPSAK: • This tool can be used testing SIP devices & applications. • This can be done just by using OPTION req method. • In our project we used it to Fingerprint the SIP device.
IMPLEMENTING SIPSAK WE USED THIS TOOL TO FINGERPRINT THE SIP DEVICES. COMAND: sipsak–vv –s sip:10.103.5.217
TOOL USED • METASPLOIT: • Using the Modules & Auxiliaries available in Metasploit framework VoIP can be exploited. • This framework can be used for several attacks. • We can use it for enumerating SIP extensions. • We can use it for creating fake SIP invite request, which makes the target device ring.
IMPLEMENTING METASPLOIT WE USED THIS TOOL TO ENUMERATE DEVICES AND TO FLOOD INVITE REQUESTS TO SIP DEVICES. COMMANDS: Use auxiliary/scanner/sip/options Use auxiliary/voip/sip-invite-spoof RESULTS: SIP Devices are enumerated SIP device receives several invite requests, which cause for multiple Rings.
IMPLEMENTING XPLICO WE USED THIS TOOL TO CAPTURE SIP TRAFFIC COMMANDS:
SIPCRACK TOOL • COMMAND: sipdump –p <pcapfile> auth.txt Dumps the authentication data from PCAP file into auth.txt Sipcrack –w <dictionary file> auth.txt Cracks the password of the Sip device
TOOLS TRIED • SIPSAK • METASPLOIT • SIPCRACK • VOIPONG • VOMIT • XPLICO
REFERENCES: • www.google.com • http://www.backtrack-linux.org/wiki/index.php/Pentesting_VOIP • http://www.enderunix.org/voipong/manual/book.html#INSTALLATION • http://zer0byte.com/2013/03/19/kali-linux-complete-tools-list-installation-screen-shots/ • http://www.offensive-security.com/metasploit-unleashed/Msfconsole_Commands#path