Good morning All! First, I would like to thank Yaniv Miron for organizing such a great conference and inviting me to speak about VoIP Tactics && Exploitation at ILHack 2009.
Next, this one goes to all of my Students/Friends/Colleagues: thanks for the BIG support. You are all in my local subnet ;)
Special 10x to SIPM4ST3R Yossef Cohen for the lab organization, coding, and talking about the SIP protocol as a part of the lecture.
The presentation, video of the lecture and source code (for SIPy and sip00fer) will be available in the ILHack download section during this weekend.
Hope to see you all, soon.
Jacky Altal
Tuesday, May 26, 2009
Wednesday, May 20, 2009
Saturday, May 9, 2009
sip00fer
After a looong week, I've finished my case study on PBX (Asterisk). A new 1.6.1.0 Asterisk version was installed on CentOS, a great distro, and with the help of the SIP M4ST3R Yossef{at}maxxvoice{dot}com I managed to install AND configure my new PBX and get it up && running in a few hours. [./configure; make; make install] Simple as that.
Then I started testing my Asterisk box, as I saw sample code in the Metasploit Framework that can create a fake call to any extension. The code didn't work against a new 1.6.0.5; Yossef found that the CSeq var is missing, so I decided to implement it myself. I used RFC 3261 to deeply understand the protocol and to expand my research into this fascinating area.
I wrote POC code in Python and then converted it to C++. The POC will build a fake packet and send it to a SIP client.
The code will be posted soon -> ilHack 2009 <- along with a new SIPcliFuzzer.
Usage: sip00fer [host] [port] [fake_extension] [Fake_Caller]
Example: sip00fer 13.37.7.1 31317 101 jackjack
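The post attributes the failure against the newer Asterisk to a missing CSeq header. As an added example (not the author's sip00fer code), this Python check shows the receiving side's view: it verifies that a SIP request carries the header fields RFC 3261 requires in every request and that CSeq agrees with the request line. The function names and the sample messages are constructed for illustration.

```python
import re

# Header fields every SIP request must carry (RFC 3261, section 8.1.1).
MANDATORY = ("to", "from", "cseq", "call-id", "max-forwards", "via")
# Compact header forms from RFC 3261 that map onto mandatory fields.
COMPACT = {"t": "to", "f": "from", "i": "call-id", "v": "via"}

def parse_sip_request(raw: bytes):
    """Split a SIP request into (method, uri, headers); raise ValueError if malformed."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("utf-8", "replace")
    lines = head.split("\r\n")
    m = re.fullmatch(r"([A-Z]+) (\S+) SIP/2\.0", lines[0])
    if not m:
        raise ValueError("bad request line")
    headers = {}
    for line in lines[1:]:
        if line[:1] in (" ", "\t"):   # folded continuation line: skip it
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("bad header line")
        key = name.strip().lower()    # header names are case-insensitive
        headers.setdefault(COMPACT.get(key, key), []).append(value.strip())
    return m.group(1), m.group(2), headers

def validate_request(raw: bytes):
    """Return a list of problems; an empty list means the mandatory set is intact."""
    try:
        method, _uri, headers = parse_sip_request(raw)
    except ValueError as exc:
        return [str(exc)]
    problems = [f"missing {h}" for h in MANDATORY if h not in headers]
    if "cseq" in headers:
        m = re.fullmatch(r"(\d+)\s+([A-Z]+)", headers["cseq"][0])
        if not m:
            problems.append("malformed cseq")
        elif m.group(2) != method:    # CSeq method must match the request line
            problems.append("cseq method mismatch")
    return problems

# Constructed sample messages (documentation addresses, not captured traffic).
GOOD = (b"INVITE sip:101@192.0.2.10 SIP/2.0\r\n"
        b"Via: SIP/2.0/UDP 192.0.2.20:5060;branch=z9hG4bK776asdhds\r\n"
        b"Max-Forwards: 70\r\nTo: <sip:101@192.0.2.10>\r\n"
        b"f: \"alice\" <sip:alice@192.0.2.20>;tag=1928301774\r\n"
        b"Call-ID: a84b4c76e66710@192.0.2.20\r\nCSeq: 1 INVITE\r\n"
        b"Content-Length: 0\r\n\r\n")
NO_CSEQ = GOOD.replace(b"CSeq: 1 INVITE\r\n", b"")
```

Run against logged or captured requests, a non-empty result from `validate_request` marks messages that a compliant stack should reject, which makes them worth flagging when they arrive from unexpected sources.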