Difference between revisions of "VoIP hacking workshop"
From Tmplab
(New page: * Date: Thursday 20th of May 2010) |
|||
Line 1: | Line 1: | ||
− | + | {{Workshop | |
+ | |title=VoIP hacking workshop | ||
+ | |when=Thursday 20th of May 2010 | ||
+ | |where=/tmp/lab | ||
+ | |intro=Easy way to pentest VoIP infrastructure. | ||
+ | |||
+ | Overview: | ||
+ | |||
+ | * Identification of the VoIP Product | ||
+ | * VLAN hopping, accessing the voice VLAN from the data VLAN | ||
+ | * VoIP accounts enumeration | ||
+ | * Communication wiretapping and injection of sound during a call | ||
+ | * Spoofing of phone profiles and identity spoofing | ||
+ | * UNISTM attack on Cisco IP phones | ||
+ | * Bypass of call restrictions and voice gateway abuse | ||
+ | * Grab of SIP or IAX credentials | ||
+ | * Denial of Service on VoIP servers and IP phones | ||
+ | |||
+ | Prerequisites: | ||
+ | |||
+ | * Python >= 2.5 | ||
+ | * An editor > vi | ||
+ | * Scapy | ||
+ | * Wireshark (optional) | ||
+ | |||
+ | |||
+ | |by=[[User:Sn0rkY|Sn0rkY]] | ||
+ | }} |
Revision as of 12:04, 17 May 2010
- Titre: VoIP hacking workshop
- Par: Sn0rkY
- Date: Thursday 20th of May 2010
- Lieu: /tmp/lab
Easy way to pentest VoIP infrastructure.
Overview:
* Identification of the VoIP Product * VLAN hopping, accessing the voice VLAN from the data VLAN * VoIP accounts enumeration * Communication wiretapping and injection of sound during a call * Spoofing of phone profiles and identity spoofing * UNISTM attack on Cisco IP phones * Bypass of call restrictions and voice gateway abuse * Grab of SIP or IAX credentials * Denial of Service on VoIP servers and IP phones
Prerequisites:
* Python >= 2.5 * An editor > vi * Scapy * Wireshark (optional)