Skip to main content
#

root@localhost

SIPVicious PRO experimental now supports STIR/SHAKEN and 5 new tools

Published on Jul 6, 2022 in , , ,

We just made two builds available to our SIPVicious PRO members. One is called the stable build, while the other is the experimental build. The v6.0.0-beta.5 stable build includes a large number of fixes, much better (or sane) defaults and full coverage of SRTP throughout the toolset. The experimental version is where the excitement is. Our members now have access to 5 new tools that we find useful in our work:…

Read more »

Abusing SIP for Cross-Site Scripting? Most definitely!

Last updated on Jun 10, 2021 in , ,

Executive summary (TL;DR) SIP can be used as an attack vector for AppSec vulnerabilities such as cross-site scripting (XSS), potentially leading to unauthenticated remote compromise of critical systems. VoIPmonitor GUI had one such vulnerability which highlights this attack vector exceptionally well. The following writeup explores how persistent backdoor administrative access can be obtained by sending malicious SIP messages. This vulnerability was reported by Enable Security and fixed in VoIPmonitor GUI back in February 2021, using standard cross-site scripting protection mechanisms.…

Read more »
Sandro Gauci

Sandro Gauci, Enable Security

SIPVicious OSS v0.3.4 released with exit codes and automation features

Published on Jun 2, 2021 in , , ,

We just made SIPVicious OSS v0.3.4 available, so go get it! Or install it via pip: pip install sipvicious --upgrade What’s new? Two main things: Exit codes, just like SIPVicious PRO’s Integration with Github Actions This release makes it much easier to use SIPVicious OSS within your CI/CD pipelines and other automation systems. One should, of course, read the documentation on automation for more information. But here’s an example script to get the idea of what can be done:…

Read more »
#

root@localhost

DEMO - An overview of the VoIP and RTC offensive security toolset, SIPVicious PRO

Published on May 25, 2021 in , , , , , ,

We pushed out a video that introduces the basics of SIPVicious PRO by demonstrating some of the attack tools and showing the building blocks for automating security testing of VoIP and WebRTC applications and infrastructure. What follows is a transcript of the video. Introduction Hello, I’m Sandro Gauci from Enable Security. In this video, I’d like to show you what we have been working on, SIPVicious PRO! Let’s start by introducing the tools.…

Read more »
#

root@localhost

SIPVicious PRO 6.0.0-beta.4 getting close to take-off!

Published on May 20, 2021 in , , ,

This one’s a bit of a boring update for SIPVicious PRO. That’s because we’re getting to a stable place where flag names and values do not change too often. Which means, we’re getting out of beta rather soon! However, it is still a major update because we made a significant number of internal changes. For example, we standardized a number of flags to be the same across all tools. We discovered that we can minimize each tool’s flagset by making use of config flags such as --auth-config that allows you to configure behaviours specific to how SIPVicious handles authentication (e.…

Read more »
Sandro Gauci

Sandro Gauci, Enable Security

TADSummit Asia 2021 talk about SIPVicious Pro and the Demo Server

Published on May 18, 2021 in , , , , , , , ,

TADSummit is a great event where people from different backgrounds that are somehow involved in communications, contribute in various ways. I, personally, always look forward to see what’s coming up in the next TADSummit event. At the moment, TADSummit Asia presentations are currently being released on a daily basis on the main site. And last week, the presentation that I prepared was published! In the previous TADSummit, I had presented about why we need to bring an offensive approach to RTC security.…

Read more »
#

root@localhost

SIPVicious OSS 0.3.3 released with new STDIN and target URL specification

Published on Mar 25, 2021 in , , ,

Without further ado, please say hello to SIPVicious OSS 0.3.3! To install or upgrade run pip install -U sipvicious. For more installation methods, see the wiki. What’s new? SIP extensions and passwords from standard input We have a new feature which seems so simple yet so powerful: STDIN for dictionary input! This works for both svwar and svcrack. It is similar to what we did with SIPVicious PRO, which (surprisingly) proved to be a very popular feature.…

Read more »
Alfred Farrugia

Alfred Farrugia, Enable Security

Bug discovery diaries: Abusing VoIPmonitor for Remote Code Execution

Last updated on Mar 16, 2021 in , , , , , ,

Executive summary (TL;DR) We fuzzed VoIPmonitor by using SIPVicious PRO and got a crash in the software’s live sniffer feature when it is switched on. We identified the cause of the crash by looking at the source code, which was a classic buffer overflow. Then we realized that was fully exploitable since the binaries distributed do not have any memory corruption protection. So we wrote exploit code using ROP gadgets to get remote code execution by just sending a SIP packet.…

Read more »
#

root@localhost

SIPVicious OSS 0.3.2 released with more IPv6 goodness!

Published on Mar 3, 2021 in , , ,

The free and opensource version of SIPVicious has been updated so that support for IPv6 is also available in svmap. If you can’t wait to try it out, you can get it at the official repository or by using pip3 install sipvicious --upgrade. So now, with svmap’s IPv6 support, you can do stuff like: sipvicious_svmap -6 -v 2a01:7e01::f03c:92ff:fecf:60a8 INFO:DrinkOrSip:trying to get self ip .. might take a while INFO:root:start your engines INFO:DrinkOrSip:-:61500 -> 2a01:7e01::f03c:92ff:fecf:60a8:5060 -> kamailio (5.…

Read more »
#

root@localhost

SIPVicious PRO 6.0.0-beta.2 takes STDIN and fixes various bugs

Published on Feb 9, 2021 in , , ,

What we’re excited about in this minor update is the addition of a new feature to the SIP cracker in SIPVicious PRO. Basically, it now takes input from external tools through standard input. Why? Because it allows infinite ways of generating potential usernames, passwords and/or SIP extensions when making use of external tools such as the maskprocessor included in the well known password cracker, hashcat. Here’s an animation showing usage of the maskprocessor to generate passwords for the SIP online cracking tool:…

Read more »

Subscribe

Receive high-quality, low-volume RTC security research, news and occasional updates about what we're up to.

Interested in working with us? Get in touch

We hate spam and hard-selling and are committed to protecting and respecting your privacy. You can unsubscribe from these communications at any time. By subscribing, you are agreeing to the Terms and Conditions. this site uses reCAPTCHA, the Google Privacy Policy and Terms of Service apply.