GITBOOK-3878: change request with no subject merged in GitBook
This commit is contained in:
parent
551efedf6a
commit
d8f6431f57
|
@ -187,6 +187,8 @@ If you find VoIP equipment inside an **Open Wifi network**, you could **sniff al
|
|||
|
||||
Among the network information, you could find **web credentials** to manage the equipment, user **extensions**, **username**, **IP** addresses, even **hashed passwords** and **RTP packets** that you could reproduce to **hear the conversation**, and more.
|
||||
|
||||
To get this information you could use tools such as Wireshark, tcpdump... but a **specially created tool to sniff VoIP conversations is** [**ucsniff**](https://github.com/Seabreg/ucsniff).
|
||||
|
||||
{% hint style="danger" %}
|
||||
Note that if **TLS is used in the SIP communication** you won't be able to see the SIP communication in clear.\
|
||||
The same will happen if **SRTP** and **ZRTP** is used, **RTP packets won't be in clear text**.
|
||||
|
@ -392,6 +394,49 @@ exec 3<>/dev/tcp/10.10.10.10/5038 && echo -e "Action: Login\nUsername:test\nSecr
|
|||
|
||||
**More information or actions could be requested.**
|
||||
|
||||
### **Eavesdropping**
|
||||
|
||||
In Asterisk it's possible to use the command **`ChanSpy`** indicating the **extension(s) to monitor** (or all of them) to hear conversations that are happening. This command need to be assigned to an extension.
|
||||
|
||||
For example, **`exten => 333,1,ChanSpy('all',qb)`** indicate that if you **call** the **extension 333**, it will **monitor** **`all`** the extensions, **start listening** whenever a new conversation start (**`b`**) in quiet mode (**`q`**) as we don't want to interact on it. You could go from one conversation happening to another pressing **`*`**, or marking the extension number.
|
||||
|
||||
It's also possible tu use **`ExtenSpy`** to monitor one extension only.
|
||||
|
||||
Instead of listening the conversations, it's possible to **record them in files** using an extension such as:
|
||||
|
||||
{% code overflow="wrap" %}
|
||||
```scss
|
||||
[recorded-context]
|
||||
exten => _X.,1,Set(NAME=/tmp/${CONTEXT}_${EXTEN}_${CALLERID(num)}_${UNIQUEID}.wav)
|
||||
exten => _X.,2,MixMonitor(${NAME})
|
||||
```
|
||||
{% endcode %}
|
||||
|
||||
Calls will be saved in **`/tmp`**.
|
||||
|
||||
You could also even make Asterisk **execute a script that will leak the call** when it's closed.
|
||||
|
||||
```scss
|
||||
exten => h,1,System(/tmp/leak_conv.sh &)
|
||||
```
|
||||
|
||||
### RTP Injection
|
||||
|
||||
It's possible to insert a **`.wav`** in converstions using tools such as **`rtpinsertsound`** (`sudo apt install rtpinsertsound`) and **`rtpmixsound`** (`sudo apt install rtpmixsound`).
|
||||
|
||||
Or you could use the scripts from [http://blog.pepelux.org/2011/09/13/inyectando-trafico-rtp-en-una-conversacion-voip/](http://blog.pepelux.org/2011/09/13/inyectando-trafico-rtp-en-una-conversacion-voip/) to **scan conversations** (**`rtpscan.pl`**), send a `.wav` to a conversation (**`rtpsend.pl`**) and **insert noise** in a conversation (**`rtpflood.pl`**).
|
||||
|
||||
### DoS
|
||||
|
||||
There are several ways to try to achieve DoS in VoIP servers.
|
||||
|
||||
* [**IAXFlooder**](https://www.kali.org/tools/iaxflood/): DoS IAX protocol used by Asterisk
|
||||
* [**inviteflood**](https://github.com/foreni-packages/inviteflood/blob/master/inviteflood/Readme.txt): A tool to perform SIP/SDP INVITE message flooding over UDP/IP.
|
||||
* [**rtpflood**](https://www.kali.org/tools/rtpflood/): Send several well formed RTP packets. Its needed to know the RTP ports that are being used (sniff first).
|
||||
* [**SIPp**](https://github.com/SIPp/sipp): Allows to analyze and generate SIP traffic. so it can be used to DoS also.
|
||||
* [**SIPsak**](https://github.com/nils-ohlmeier/sipsak): SIP swiss army knife. Can also be used to perform SIP attacks.
|
||||
* Fuzzers: [**protos-sip**](https://www.kali.org/tools/protos-sip/), [**voiper**](https://github.com/gremwell/voiper).
|
||||
|
||||
<details>
|
||||
|
||||
<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a><a href="https://twitter.com/carlospolopm"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
|
||||
|
|
Loading…
Reference in New Issue