Tag Archives: sip

Cracking SIP with John the Ripper

I just finished a patch against Romain Raboin’s HTTP Digest authentication patch for John the Ripper. Romain’s patch is also included in the jumbo patch available from the John the Ripper main page. The patch I made is very small and simply checks whether the Quality of Protection (qop) parameter was supplied in the input or not. If it’s not, it makes the appropriate changes so that the response is computed per the simpler RFC 2069 standard instead.


Nmap SIP version script 0.3

I made another change (hopefully the last) which adds the local IP address to the SIP Via header instead of the hard-coded dummy address I was using. The new version is available for download here.

For more details on how to use the script check the first article over here.

Nmap SIP version script 0.2

I received some great feedback from Ron Bowes over at SkullSecurity, pointing out some redundant code and a better approach of achieving what I was doing. I have changed the code according to his suggestions and made it available for download here.

For more details on how to use the script check the first article over here.

Nmap SIP version script

As I’ve been tinkering with VoIP for a while, I decided to write a version detection script for Nmap. It’s my first stab at both Nmap scripting and the Lua programming language, so don’t expect too much. The limited tests I have made show that it does a reasonable job and returns any version information present in the server response. The script can be found here.


VoIPTK version 0.2

While testing another IP PBX product I found some bugs in my applications that I have now fixed. While fixing these bugs I also finished some additional changes that I have been working on. I also added an additional method of determining if an account is valid or not that I found while testing the other PBX product.

More details are available under the VoIPTK page.

Asterisk SIP vulnerability

I found a security hole in the Asterisk SIP implementation last week. I was happy to hear that it has already been patched and released. The vulnerability allows an attacker to determine whether a given username is valid or not. With knowledge of existing usernames a more efficient password guessing attack can be mounted against the system.

The full advisory can be read here:
http://downloads.asterisk.org/pub/security/AST-2009-008.html

I have been working on some very basic VoIP tools lately which amongst other things have this attack implemented. I’ll hopefully get to releasing it in the near future.