Then, I started testing my Asterisk box, as I saw sample code in the Metasploit Framework that can create a fake call to any extension. The code didn't work against a new 1.6.0.5, as Yossef found that the CSeq var is missing, so I decided to implement it myself. I used RFC 3261 to deeply understand the protocol and to expand my research into this fascinating area.
I wrote POC code in Python and then converted it to C++. The POC will build a fake packet and send it to a SIP client.
The code will be posted soon -> ilHack 2009 <- along with a new SIPcliFuzzer.
Usage: sip00fer [host] [port] [fake_extension] [Fake_Caller]
Example: sip00fer 13.37.7.1 31317 101 jackjack
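RFC 3261 (section 8.1.1) lists CSeq among the header fields every SIP request must carry, so a receiver is expected to reject a request without it. The check below is an added example, not the author's code: it validates an inbound request the way a receiving stack or monitoring filter might, and the sample message and function names are constructed for illustration.

```python
import re

# Header fields every SIP request must carry (RFC 3261, section 8.1.1).
REQUIRED = ("via", "from", "to", "call-id", "cseq", "max-forwards")
# Compact header names defined by RFC 3261 for the fields above.
COMPACT = {"v": "via", "f": "from", "t": "to", "i": "call-id"}

# Constructed sample INVITE (documentation addresses, not captured traffic).
SAMPLE = "\r\n".join([
    "INVITE sip:101@192.0.2.10 SIP/2.0",
    "Via: SIP/2.0/UDP 192.0.2.20:5060;branch=z9hG4bK776asdhds",
    "Max-Forwards: 70",
    "From: <sip:200@192.0.2.20>;tag=1928301774",
    "To: <sip:101@192.0.2.10>",
    "Call-ID: a84b4c76e66710@192.0.2.20",
    "CSeq: 1 INVITE",
    "Content-Length: 0", "", ""])

def parse_sip_request(raw):
    """Return (method, headers); headers maps lowercase name -> list of values."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    m = re.fullmatch(r"([A-Z]+) (\S+) SIP/2\.0", lines[0])
    if not m:
        raise ValueError("not a SIP/2.0 request line")
    headers, last = {}, None
    for line in lines[1:]:
        if not line:
            continue
        if line[:1] in (" ", "\t") and last:  # folded continuation line
            headers[last][-1] += " " + line.strip()
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        last = COMPACT.get(name.strip().lower(), name.strip().lower())
        headers.setdefault(last, []).append(value.strip())
    return m.group(1), headers

def validate_request(raw):
    """Return a list of problems; an empty list means the mandatory checks pass."""
    method, headers = parse_sip_request(raw)
    problems = ["missing %s" % h for h in REQUIRED if h not in headers]
    if "cseq" in headers:
        c = re.fullmatch(r"(\d+)\s+([A-Z]+)", headers["cseq"][0])
        if not c:
            problems.append("malformed cseq")
        elif c.group(2) != method:  # CSeq method must match the request line
            problems.append("cseq method %s != request method %s" % (c.group(2), method))
    return problems
```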