VOIP EXPLOITS USING KALI LINUX TOOLS

PROJECT BY: KARNATI VAMSI KRISHNA VANKANA SIVA SAKETH REDDY

CONTENTS
• Project Title
• Tools Used
• SIPSAK
• Metasploit
• XPLICO
• Implementations
• Problems Faced
• References

PROJECT TITLE
“Pen testing and Exploits using KALI Linux Tools”

TOOL USED: SIPSAK
This tool can be used for testing SIP devices and applications. This can be done using only the SIP OPTIONS request method. In our project we used it to fingerprint the SIP device.

IMPLEMENTING SIPSAK
WE USED THIS TOOL TO FINGERPRINT THE SIP DEVICES.
COMMAND:
    sipsak -vv -s sip:10.103.5.217

TOOL USED: METASPLOIT
• Using the modules and auxiliaries available in the Metasploit framework, VoIP can be exploited.
• This framework can be used for several attacks.
• We can use it for enumerating SIP extensions.
• We can use it for creating fake SIP INVITE requests, which make the target device ring.

IMPLEMENTING METASPLOIT
WE USED THIS TOOL TO ENUMERATE DEVICES AND TO FLOOD INVITE REQUESTS TO SIP DEVICES.
COMMANDS:
    use auxiliary/scanner/sip/options
    use auxiliary/voip/sip_invite_spoof
RESULTS:
• SIP devices are enumerated.
• The SIP device receives several INVITE requests, which cause multiple rings.

IMPLEMENTING XPLICO
WE USED THIS TOOL TO CAPTURE SIP TRAFFIC.
COMMANDS:

SIPCRACK TOOL
COMMAND:
    sipdump -p <pcapfile> auth.txt
Dumps the authentication data from the PCAP file into auth.txt.
    sipcrack -w <dictionary file> auth.txt
Cracks the password of the SIP device.

TOOLS TRIED
• SIPSAK
• METASPLOIT
• SIPCRACK
• VOIPONG
• VOMIT
• XPLICO

REFERENCES:
• www.google.com
• http://www.backtrack-linux.org/wiki/index.php/Pentesting_VOIP
• http://www.enderunix.org/voipong/manual/book.html#INSTALLATION
• http://zer0byte.com/2013/03/19/kali-linux-complete-tools-list-installation-screenshots/
• http://www.offensive-security.com/metasploitunleashed/Msfconsole_Commands#path
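
The OPTIONS enumeration and INVITE flooding reported in the Metasploit results leave a recognisable pattern in SIP request logs: one source probing many targets, or one source sending repeated INVITEs to the same callee. The detection sketch below is an added example, not part of the original slides; the log format, sample records, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: "<ISO time> <source IP> <SIP method> <request URI>"
SAMPLE_LOG = """\
2024-05-01T10:00:00 192.0.2.10 OPTIONS sip:198.51.100.1
2024-05-01T10:00:01 192.0.2.10 OPTIONS sip:198.51.100.2
2024-05-01T10:00:02 192.0.2.10 OPTIONS sip:198.51.100.3
2024-05-01T10:00:05 192.0.2.20 INVITE sip:201@198.51.100.1
2024-05-01T10:00:06 192.0.2.20 INVITE sip:201@198.51.100.1
2024-05-01T10:00:07 192.0.2.20 INVITE sip:201@198.51.100.1
2024-05-01T10:00:09 192.0.2.30 INVITE sip:202@198.51.100.1
2024-05-01T10:05:00 192.0.2.30 OPTIONS sip:198.51.100.1
"""

def parse(log):
    """Yield (time, source, method, uri) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records instead of crashing
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2].upper(), parts[3]

def detect(log, window_s=10, scan_targets=3, flood_invites=3):
    """Return sorted (source, finding) alerts; thresholds are illustrative."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(list)  # (source, method) -> [(time, uri), ...]
    alerts = set()
    for ts, src, method, uri in sorted(parse(log)):
        if method not in ("OPTIONS", "INVITE"):
            continue
        events = recent[(src, method)]
        events.append((ts, uri))
        # Keep only the events still inside the sliding window.
        events[:] = [(t, u) for t, u in events if ts - t <= window]
        if method == "OPTIONS" and len({u for _, u in events}) >= scan_targets:
            alerts.add((src, "options-scan"))
        if method == "INVITE" and sum(u == uri for _, u in events) >= flood_invites:
            alerts.add((src, "invite-flood"))
    return sorted(alerts)

if __name__ == "__main__":
    for source, finding in detect(SAMPLE_LOG):
        print(source, finding)
```

On a production SIP proxy or session border controller the same counts would normally drive per-source rate limiting rather than only an alert.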