Voice Over IP (VoIP)

Resources

• TrustedSec Cisco Hacking - Manual Walkthrough

  • https://www.trustedsec.com/blog/seeyoucm-thief-exploiting-common-misconfigurations-in-cisco-phone-systems/

• N00py Username Dumping - Manual Walkthrough

  • https://www.n00py.io/2022/01/unauthenticated-dumping-of-usernames-via-cisco-unified-call-manager-cucm/

• Vartai Security - Practical VoIP Penetration Testing

  • https://medium.com/vartai-security/practical-voip-penetration-testing-a1791602e1b4

iCULeak.py

• GitHub: https://github.com/llt4l/iCULeak.py

A cool technique for initial AD access during a pentest. Got a Cisco IP Phone nearby? Congrats, you’re (almost) an domain user!

• Source Tweet: https://twitter.com/snovvcrash/status/1555542379272323072?s=20&t=d1esgQD98FboqHYBB2bS9w