Skip to main content

Tags asterisk

Sandro Gauci

Sandro Gauci, Enable Security

Exploiting CVE-2022-0778, a bug in OpenSSL vis-à-vis WebRTC platforms

Executive summary (TL;DR) Exploiting CVE-2022-0778 in a WebRTC context requires that you get a few things right first. But once that is sorted, DoS (in RTC) is the new RCE! How I got social engineered into looking at CVE-2022-0778 A few days ago, Philipp Hancke, self-proclaimed purveyor of the dark side of WebRTC, messaged me privately with a very simple question: “are you offering a DTLS scanner by chance?” He explained how in the context of WebRTC it would be a bit difficult since you need to get signaling right, ICE (that dance with STUN and other funny things) and finally, you get to do your DTLS scans.…

Read more »

Fuzzing PJSIP and chan_skinny, vulnerability information and advisories

Published on May 23, 2017 in , , , ,

In the recent past, Alfred Farrugia and myself started looking at fuzzing OpenSource VoIP projects such as Asterisk, FreeSWITCH and Kamailio and their dependencies. Our internal Enable Security project was given the unimaginative name of rtcfuzz and, by now, we are making use of a combination of public tools like American Fuzzy Lop and Radamsa, together with our internal tools …And is, of course, giving us some good results. We reported three issues to Digium, two of which actually affect PJSIP and one of which affect chan_skinny.…

Read more »

If SIPVicious gives you a ring…

Note: SIPVicious version 0.28 is out, go get it. I like to keep an eye on the social media and Google alerts for SIPVicious and in the last few months I noticed a rise in mentions of the tools. Specifically, a number of Korean twitter users (who have their service with KT, a VoIP service provider) complaining about receiving a call from a caller-id showing ‘SIPVicious’. After contacting a Korean friend, this led to an interview by a reporter for an article that was published on a Korean tech news site Boan News.…

Read more »

Asterisk forensics: the logs vs the attackers

Published on Jan 2, 2012 in , , ,

Recently I had the opportunity to present on VoIP insecurity around various conferences this year, on my own and also with Joffrey Czarny. At Secure 2011 we had one day a workshop and one of the things we showed was the effect of a typical SIPVicious attack on an Asterisk box. The following videos (best seen in full screen and high quality) illustrate what happens. When we run svmap.py, nothing usually shows up on the asterisk logs.…

Read more »

VOIPPACK updated to v1.4

Published on Jan 25, 2011 in , ,

Quick note, VOIPPACK now includes support for Cisco Call Manager and more tools to break that Asterisk PBX (FreePBX / Trixbox focus). The blog post on EnableSecurity includes more details.…

Read more »

AstriCon roundup and vendors adding security features

Published on Oct 29, 2010 in , ,

So I’ve finally been to AstriCon and I noticed a great increased interest amongst the attendees with regards to security, fraud and “hacking”. The slides for my presentation titled “Just how vulnerable is your phone system” can be downloaded from this location. So what are the changes and additions from the software developer’s side? Asterisk 1.8 has been released touting TLS support for SIP and SRTP support too, plus a framework to make auditing easier 3CX havereleased a major security update with features to make it easier to set proper passwords I just received an email from Brekeke highlighting their security pageon their wiki which was originally published on March 11, 2009 What accounts for these changes?…

Read more »

Getting phonecalls during the middle of the night on your Asterisk server?

Published on Dec 10, 2009 in ,

You’re not alone. People with malicious intentions are scanning for open SIP servers all the time. Aster1sk from Geekhut.org posted a useful video for those of you using a badly configured FreePBX + Asterisk. I’m sure this will be useful for someone..…

Read more »

Scan your public facing PBX with VOIPSCANNER.com

Published on Jul 17, 2009 in , ,

Announcing VOIPSCANNER.com, the SaaS Voice over IP Security scanner. If you’re already familiar with SIPVicious, then you can guess what this tool does. This online tool makes it easier than ever to check if the Asterisk box you just installed, or most other SIP PBX servers, is misconfigured and contains weak credentials. Attackers on the ’net are already doing this for their own benefit, don’t wait until they hit your PBX!…

Read more »

Troopers09 & IAX2 support

Published on Apr 15, 2009 in , ,

I will be co-presenting in Munich together with Wendel on Web Application Firewall insecurities and dropping some new tools. If any readers are going to be around the area for Troopers09 next week, drop me a note. Beer is mostly welcome. My Twitter account will probably be getting a few updates ;-) As a sidenote.. VOIPPACK now gets IAX2 support, with 3 additional tools. Most notable is IAX2autohack which is very similar to sipautohack but for the Asterisk protocol.…

Read more »

How to identify Asterisk servers and upload MOSDEF on AsteriskNOW

Published on Feb 18, 2009 in ,

Originally posted this on EnableSecurity’s blog but cross posting since not everyone is subscribed. IAX2Scan and AsteriskNOW_Exec - security testing for Asterisk from Sandro Gauci on Vimeo.…

Read more »