search
Ctrlk

Voice Over IP (VoIP)

VoIP systems, particularly Cisco Unified Communications Manager (CUCM), are commonly found in enterprise environments and can provide initial access vectors, username enumeration, and potential credential harvesting opportunities.

hashtag
Resources

hashtag
Discovery

hashtag
SIP Service Discovery

Identify SIP services on the network:

# Nmap SIP enumeration
nmap -sU -p 5060 10.10.10.0/24 --script=sip-methods

# SIP banner grab
nmap -sV -p 5060,5061 10.10.10.123

hashtag
VoIP Protocol Identification

hashtag
SIPVicious Tools

SIPVicious is a suite of tools for auditing SIP-based VoIP systems.

hashtag
Installation

hashtag
Extension Enumeration

Enumerate valid SIP extensions:

hashtag
SIP Authentication Cracking

Crack SIP authentication credentials:

hashtag
Cisco IP Phone Exploitation

hashtag
iCULeak.py - Credential Theft

GitHub: https://github.com/llt4l/iCULeak.pyarrow-up-right

Exploit misconfigured Cisco IP phones to obtain domain credentials. Physical access to a Cisco IP phone can provide initial AD access during a pentest.

Source Tweet: https://twitter.com/snovvcrash/status/1555542379272323072?s=20&t=d1esgQD98FboqHYBB2bS9warrow-up-right

hashtag
CUCM Username Enumeration

Unauthenticated username dumping via CUCM:

hashtag
Configuration File Extraction

Cisco IP phones often expose configuration files:

hashtag
Call Interception

hashtag
RTP Stream Capture

Capture and decode VoIP audio streams:

hashtag
VoIP Wiretapping

hashtag
Common Attack Vectors

hashtag
Default Credentials

Common default credentials for VoIP systems:

  • Cisco CUCM: admin:admin, administrator:admin

  • Avaya: admin:admin, Administrator:AvayaPassword

  • Asterisk: admin:admin, root:password

  • 3CX: admin:admin

hashtag
SIP Registration Hijacking

Register as a legitimate extension to make/receive calls:

PrevioustsharkNextOne-Liners and Dirty Scripts

Last updated