Thursday, August 21, 2008

Homeland Security Dept's PBX hacked?

Ouch! ZDNet have a short article about a misconfigured PBX making 400 calls to some of the hottest countries around: Afghanistan, India, Yemen and Saudi Arabia. Very ugly... hope that the details emerge. If anyone has more details, email me or post here.

Promotional message: SIPVicious is free - test your SIP based PBX before someone else does ;-)


Monday, August 11, 2008

Surf Jack - HTTPS will not save you

Alert: this is not a VoIP security post. Just a repost from EnableSecurity.

I just released a new paper and tool on the subject of web application security.

Check out the blog post (which includes the bonus video everyone loves), and the proof of concept tool itself.

And if you did not do it already, please subscribe to my other site, EnableSecurity's RSS feed.


Sunday, August 10, 2008

New SIPVicious release 0.2.4

Just updated the release of SIPVicious to 0.2.4 to include a couple of bug fixes in svwar and a new feature. The new "--template" parameter allows you to make use of format strings to create more flexible ranges. Some examples include scanning prefixes or suffixes, which apparently can be quite useful in certain environments ;-)

Many thanks to Teodor Georgiev for his patience and help in making SIPVicious more robust and reliable!

Here's a link to the full Changelog.

Grab the tarball or the zip file.
To upgrade to the svn version simply run "svn update" as usual - enjoy


Friday, June 20, 2008

Backtrack 3 out - with VoIP security tools

The final Backtrack 3 is out and it features some VoIP tools in the /pentest directory:

  • SIPVicious (guess you know by now what this is about :)
  • Voiper - a SIP fuzzing toolkit which aims at identifying flaws in VoIP products that do SIP and SDP.
  • Sipbomber - a SIP testing tool which has test cases that are run against SIP-enabled software / devices
  • SIP Rogue - allows application level man in the middle (MITM) attacks on SIP devices.

In the $PATH one can find:

  • VoIP Hopper - allows one to hop between VLANs.
  • VOIPONG - a Voice over IP sniffer - will record any phone calls that it sees.
  • sipdump / sipcrack - an offline password cracker for the digest authentication used by SIP

Tools that were previously found in Backtrack 2 are described on the tools page.

Grab Backtrack from the official site.


Tuesday, June 17, 2008

Ladies and Gentlemen please welcome..

EnableSecurity! I will be publishing my security research and rants as well as providing Security Consultancy, Research and Design. A brief "who am I" can be seen at the LinkedIn Profile page, while Google has further details.

So what sort of things am I doing?
  • Wireless security auditing
  • Web Application Security
  • VoIP security research
  • Reverse Engineering

I'll continue developing SIPVicious and publish additional tools to help security professionals get the job done.

And one more thing - I suggest that you subscribe to the RSS as I shall be releasing some research later on this week.


Wednesday, June 11, 2008

SIPVicious tools roadmap

I'm looking at improving SIPVicious and would appreciate your input for new features or any possible bug fixes. Send me an email with ideas, or simply leave a comment.

Check my current "to do" list here.


Tuesday, June 3, 2008

SIPVicious version 0.2.3 with fingerprinting and dns goodies

Just posted a new version of SIPVicious, v0.2.3. This includes some new features as well as bug fixes. However, be warned - bugs have been invariably introduced in the course of adding these new features, so please help me test it out ;-)

Here's the link you've been looking for.

From the Changelog:

v0.2.3
  • Feature: Fingerprinting support for svmap. Included fphelper.py and 3 databases used for fingerprinting.
  • Feature: Added svlearnfp.py which allows one to add new signatures to db and send them to the author.
  • Feature: Added DNS SRV check to svmap. Use ./svmap.py --srv domainname.com to give it a try

v0.2.svn
  • Feature: added the ability for svreport to count results when doing a list
  • Bug fix: fixed a bug related to resuming a scan which does not have an extension