IP Phone Scanning Made Easy 0.6

[Fi8sVrs]

ISME is a small framework to test IP phones from several editors. It can gather information from IP phone infrastructures, test their web servers for default login/password combinations, and also implement attacks against the systems. ISME has been written in perl with a perl/Tk interface to provide a portable and easy to use tool. Full documentation is also provided.

Download

source

[Versus71]

update v.0.12

New features: [v.0.7-0.12]

• SIP Scanner (udp or tcp) with administration services detection and information gathering on SIP UA or server
• Threads have been implemented in the launcher. Several tools can now be used at the same time. 
• Scanner: VxWorks debug mode detection
• Exploit: Aastra IP Phone hardcode telnet login/password.
• Exploit: Polycom HDX telnet authorization bypass (OSVDB 90125)
• Tool: Cisco phone: Having fun with SSH
• Exploit: Alcatel OXO FTP Denial of service.
• Exploit: Mitel ip phone information disclosure.
• Exploit: Mitel IP phone XSS vulnerability detection.
• Tool: Add Cisco phone SSH server detection.
• Tool: Add Cisco phone logout mobility feature abuse.
• Tool: Implement a module to detect the use of default Login/password on embedded web interface from Mitel phones.
• Exploit: Add Aastra ip phone information disclosure (OSVDB-ID: 72941/EDB-ID 17376).
• Exploit: Add Avaya Ip Office Linux voicemail password file data disclosure.
• Exploit: Add the script providing phone call and remote taping on SNOM phones.
• Exploit: Add Mitel AWC unauthenticated command execution (OSVDB-ID: 69934/EDB-ID 15807).

Download:

http://www.cedric-baillet.fr/IMG/zip/isme_v0.12.zip

Documentation:

http://www.cedric-baillet.fr/IMG/pdf/ISME_Documentation_v0.12.pdf

[ignore07]

Folositor , multumim !