Hacking VOIP Exposed Core Informations And Tools.

HACKING VOIP EXPOSED CORE INFORMATION.

tools for downloads

Part A. 

1.Security Tools - Here you can download the security tools we wrote on our Blog and       demonstrated in the Video.

Part B.

2.VoIP "Google Hacking" Database - This is a listing of Google Hacking terms for VoIP phones and servers.

Part C.

3.VoIP Voicemail Database - This is a collection of default sound files of popular voicemail systems to assist in properly identifying the vendor.

• 
  

• security tools

  These are the tools. The tools listed in blue are the ones we wrote ourselves. Most of our linux tools require that you also download the following two libraries: hack_library and g711conversions.
  • Chapter 2: Scanning
    • fping
    • Nessus
    • nmap
    • snmpwalk
    • SNSscan
    • SuperScan
    • VLANping
  • Chapter 3: Enumeration
    • netcat
    • SiVuS
    • sipsak
    • SIPSCAN
    • smap
    • TFTP Brute Forcer with TFTP Bruteforce File
  • Chapter 4: Infrastructure Denial of Service
    • DNS Auditing tool
    • Internetwork Routing Protocol Attack Suite
    • UDP Flooder
    • UDP Flooder w/VLAN support
    • Wireshark (formerly Ethereal)
  • Chapter 5: Eavesdropping
    • Angst
    • Cain and Abel
    • DTMF Decoder
    • dsniff
    • NetStumbler
    • Oreka
    • VoIPong
    • vomit
  • Chapter 6: Network and Application Interception
    • arpwatch
    • Cain and Abel
    • dsniff
    • ettercap
    • fragrouter
    • siprogue
    • XArp
  • Chapter 7: Cisco Unified CallManager
    • Skinny Traffic Sample
  • Chapter 9: Asterisk
    • IAX Flooder
    • IAX Enumerator
  • Chapter 11: Fuzzing
    • ohrwurm RTP fuzzer
    • PROTOS SIP fuzzing suite
    • TCPView
  • Chapter 12: Disruption of Service
    • INVITE Flooder
    • RTP Flooder
    • UDP Flooder
    • UDP Flooder w/VLAN support
  • Chapter 13: Signaling and Media Manipulation
    • AuthTool
    • BYE Teardown
    • Check Sync Phone Rebooter
    • RedirectPoison
    • Registration Hijacker
    • Registration Eraser
    • Registration Adder
    • RTP InsertSound v2.0
    • RTP InsertSound v3.0 (needs this library)
    • RTP MixSound v2.0
    • RTP MixSound v3.0 (needs this library)
  • Chapter 14: SPAMMING/SPIT
  • Spitter

• 
  

Part B.

2.VoIP "Google Hacking" Database - This is a listing of Google Hacking terms for VoIP phones and servers.

VoIP Google Hacking

• Asterisk Management Portal:
  intitle:asterisk.management.portal web-access
• Cisco Phones:
  inurl:"NetworkConfiguration" cisco
• Cisco CallManager:
  inurl:"ccmuser/logon.asp"
• D-Link Phones:
  intitle:"D-Link DPH" "web login setting"
• Grandstream Phones:
  intitle:"Grandstream Device Configuration" password
• Linksys (Sipura) Phones:
  intitle:" SPA Configuration"
• Polycom Soundpoint Phones:
  intitle:"SoundPoint IP Configuration"
• Snom Phones:
• "(e.g. 0114930398330)" snom

Part C.

3.VoIP Voicemail Database - This is a collection of default sound files of popular voicemail systems to assist in properly identifying the vendor.

voicemail database

This is a collection of default sound files of popular VoIP voicemail systems to assist in properly identifying the vendor. This goes along with Part A.

Asterisk 1.2.x (gsm can be played with QuickTime Player): 
"[USER'S NAME] {is on the phone, is unavailable} Please leave your message after the tone. When done, hang up or press the pound key." 


Avaya IP Office / Audix:
"Your call is being answered by Audix. [USER'S NAME] {is not available ... to leave a message wait for the tone, is busy ... to leave a message wait for the tone}." 


Cisco Unity 4.x:
"Record your message at the tone. When you are finished, hang up or hold for more options."