Tags › security tools
If SIPVicious gives you a ring…
Published on Dec 10, 2012 in asterisk, cyber crime, sip security, sipvicious oss, security tools
Note: SIPVicious version 0.28 is out, go get it. I like to keep an eye on social media and Google Alerts for SIPVicious, and in the last few months I noticed a rise in mentions of the tools. Specifically, a number of Korean Twitter users (who have their service with KT, a VoIP service provider) were complaining about receiving a call from a caller-id showing ‘SIPVicious’. After contacting a Korean friend, this led to an interview by a reporter for an article that was published on a Korean tech news site Boan News.…
SIPVicious 0.2.7 released and rewrite coming up, looking for testers!
Published on Feb 22, 2012 in sip security, sipvicious oss, security tools
Get it now! This is the last release in the 0.2 series which fixes a number of stability issues and bugs before moving on to a total rewrite. Are you a SIPVicious user? Get in contact if you have a VoIP lab or simply want to test the rewrite of SIPVicious. The internal version already includes support for TCP, TLS and IPv6 ;-) The changelog for this one:
- Feature: svcrash.py has a new option -b which bruteforces the attacker’s port
- Feature: svcrack.…
Asterisk forensics: the logs vs the attackers
Published on Jan 2, 2012 in sipvicious oss, security tools, voip security, asterisk
Recently I had the opportunity to present on VoIP insecurity around various conferences this year, on my own and also with Joffrey Czarny. At Secure 2011 we had a one-day workshop and one of the things we showed was the effect of a typical SIPVicious attack on an Asterisk box. The following videos (best seen in full screen and high quality) illustrate what happens. When we run svmap.py, nothing usually shows up in the Asterisk logs.…
VOIPPACK updated to v1.4
Published on Jan 25, 2011 in security tools, sip security, asterisk
Quick note, VOIPPACK now includes support for Cisco Call Manager and more tools to break that Asterisk PBX (FreePBX / Trixbox focus). The blog post on EnableSecurity includes more details.…
Distributed SIP scanning during Halloween weekend
Published on Nov 4, 2010 in sipvicious oss, security tools, sip security
Over the last weekend there were a number of reports of VoIP (especially Asterisk) servers that were “under heavy attack”. I have looked at some packet traces and noticed how the SIP messages look very similar to the ones generated by SIPVicious, especially svwar.py. In fact, I think this is a modified version of SIPVicious that is being distributed on a botnet. Take a look at the following message generated by these new scans:…
New beta of VIPER VAST released 2.76
Published on Jul 21, 2010 in sipvicious oss, security tools
And that includes all the latest goodness, including SIPVicious. This is a great tool for those needing an up to date VoIP hackin.. er penetration testing distro :-) Download it from here.…
How to crash SIPVicious - introducing svcrash.py
Published on Jun 22, 2010 in sipvicious oss, denial of service, security tools
A new tool has been added to SIPVicious - svcrash.py. As the name implies, it crashes something - svwar.py and svcrack.py. This tool is meant to be used by system administrators and organizations that are receiving unauthorized scans on their exposed IP PBX.
Quick links: Download the latest version :: Watch a short demo of svcrash.py
Since this is a little different from the usual, I’ll provide a bit of background first.…
New tool in the works: TFTPTheft
Published on May 28, 2010 in security tools, tftp theft
Most sysadmins just love the idea of switching on a box that just works automatically. In the case of IP phones that is typically possible by setting up the right DHCP config and a TFTP server hosting firmware and configuration.
My introduction to TFTP
The TFTP protocol typically runs over port 69, and the above image shows a rather insecure doll. The TFTP protocol is rather simple and lightweight:
- Runs on top of UDP
- Does not support authentication
- Only supports pulling and pushing (GET and PUT) of files (no directory listing)
New tools?…
SIPVicious 0.2.5 out
Published on May 19, 2010 in sipvicious oss, security tools, sip security
Latest SIPVicious. It has been a while since I released an update to SIPVicious. It is mostly a bug-fix and “play nice” update. Download it from here. Changelog: v0.2.5 (20100519)
- Feature: svwar.py has “scan for default / typical extensions” option. This option tries to guess numeric extensions which have certain patterns such as 1212 etc. Option is -D, --enabledefaults
- General: svwar.py and svcrack.py now have a new option which allows you to see how long the tools will scan without receiving any response back.…
VIPER VAST includes SIPVicious
Published on Oct 5, 2009 in sipvicious oss, security tools
A quick post to refer to the live bootable CD from Viperlabs called VIPER VAST. It’s a Linux distribution that includes a good number of tools that can help in a VoIP security assessment. I think I’ll be giving this a try next time around. What makes this useful is if you want to quickly have a machine with all the right libraries, drivers and packages installed to be able to run tools such as UCsniff.…