[VOIPSEC] pentesting voip network-please help

mzcohen2682 at aim.com mzcohen2682 at aim.com
Fri Jan 29 18:01:48 GMT 2010


Hi all!!

I'm doing an internal (LAN) pentest for a VoIP network. The network has 6 Cisco Call Manager version 6.1.3 servers as a cluster. They have Cisco phones 7911 and 7941. They use a separate VLAN for the VoIP network.

I started by trying to download the image files for the phones from the TFTP server by doing a brute force attack on the names of the files.

I have access to one of the 7941 phones, so I checked that the version of the image is 4.0/8.0 (9.0).
I'm not sure what the names should be for the image files that the phones reload after boot, but according to Cisco documentation there must be SIPdefault.cnf and OS79xx.txt in the root directory of the TFTP server. But I tried and they are not there.

So what are the names of the files? I read a document that said that if I am able to download those files I will find lots of interesting information like phone passwords etc.

After that, I tried to capture some RTP conversations but without any success. I am connected to the VoIP VLAN and used Wireshark, but it doesn't detect any calls! Should I do some ARP spoofing attack? But to which MACs?

Any other ideas how to continue with this pentest?

What I see is that although the client didn't implement encryption or any other security control, just the VLAN, it isn't so easy to pentest a VoIP network.

thanks 

marco

 



