Active Members Fi8sVrs Posted September 13, 2012 Active Members Report Posted September 13, 2012 ISME is a small framework to test IP phones from several editors. It can gather information from IP phone infrastructures, test their web servers for default login/password combinations, and also implement attacks against the systems. ISME has been written in perl with a perl/Tk interface to provide a portable and easy to use tool. Full documentation is also provided.Downloadsource Quote
Versus71 Posted January 17, 2014 Report Posted January 17, 2014 update v.0.12New features: [v.0.7-0.12]• SIP Scanner (udp or tcp) with administration services detection and information gathering on SIP UA or server• Threads have been implemented in the launcher. Several tools can now be used at the same time. • Scanner: VxWorks debug mode detection• Exploit: Aastra IP Phone hardcode telnet login/password.• Exploit: Polycom HDX telnet authorization bypass (OSVDB 90125)• Tool: Cisco phone: Having fun with SSH• Exploit: Alcatel OXO FTP Denial of service.• Exploit: Mitel ip phone information disclosure.• Exploit: Mitel IP phone XSS vulnerability detection.• Tool: Add Cisco phone SSH server detection.• Tool: Add Cisco phone logout mobility feature abuse.• Tool: Implement a module to detect the use of default Login/password on embedded web interface from Mitel phones.• Exploit: Add Aastra ip phone information disclosure (OSVDB-ID: 72941/EDB-ID 17376).• Exploit: Add Avaya Ip Office Linux voicemail password file data disclosure.• Exploit: Add the script providing phone call and remote taping on SNOM phones.• Exploit: Add Mitel AWC unauthenticated command execution (OSVDB-ID: 69934/EDB-ID 15807).Download:http://www.cedric-baillet.fr/IMG/zip/isme_v0.12.zipDocumentation:http://www.cedric-baillet.fr/IMG/pdf/ISME_Documentation_v0.12.pdf Quote
