CONTENTS Project Title Tools Used
Download
Report
Transcript CONTENTS Project Title Tools Used
VOIP EXPLOITS USING KALI LINUX
TOOLS
PROJECT BY:
KARNATI VAMSI KRISHNA
VANKANA SIVA SAKETH REDDY
CONTENTS
Project Title
Tools Used
SIPSAK
Metasploit
XPLICO
Implementations
Problems Faced
References
PROJECT TITLE
“Pen testing and Exploits using KALI Linux Tools”
TOOL USED
SIPSAK:
This tool can be used testing SIP devices & applications.
This can be done just by using OPTION req method.
In our project we used it to Fingerprint the SIP device.
IMPLEMENTING SIPSAK
WE USED THIS TOOL TO FINGERPRINT THE SIP
DEVICES.
COMAND: sipsak –vv –s sip:10.103.5.217
TOOL USED
METASPLOIT:
Using the Modules & Auxiliaries available in Metasploit
framework VoIP can be exploited.
This framework can be used for several attacks.
We can use it for enumerating SIP extensions.
We can use it for creating fake SIP invite request, which
makes the target device ring.
IMPLEMENTING METASPLOIT
WE USED THIS TOOL TO ENUMERATE DEVICES AND
TO FLOOD INVITE REQUESTS TO SIP DEVICES.
COMMANDS:
Use auxiliary/scanner/sip/options
Use auxiliary/voip/sip-invite-spoof
RESULTS:
SIP Devices are enumerated
SIP device receives several invite requests, which cause for
multiple Rings.
IMPLEMENTING XPLICO
WE USED THIS TOOL TO CAPTURE SIP TRAFFIC
COMMANDS:
SIPCRACK TOOL
COMMAND:
sipdump –p <pcapfile> auth.txt
Dumps the authentication data from PCAP file into auth.txt
Sipcrack –w <dictionary file> auth.txt
Cracks the password of the Sip device
TOOLS TRIED
SIPSAK
METASPLOIT
SIPCRACK
VOIPONG
VOMIT
XPLICO
REFERENCES:
•
www.google.com
•
http://www.backtrack-linux.org/wiki/index.php/Pentesting_VOIP
•
http://www.enderunix.org/voipong/manual/book.html#INSTALLATION
•
http://zer0byte.com/2013/03/19/kali-linux-complete-tools-list-installation-screenshots/
•
http://www.offensive-security.com/metasploitunleashed/Msfconsole_Commands#path