sorted by: recent | see :
popular
Content Tagged with exploit + tools
OWASP CAL9000
a collection of web application security testing tools that complement the feature set of current web proxies and automated scanners. CAL9000 gives you the flexibility and functionality you need for more effective manual testing efforts. Works best when used with Firefox or Internet Explorer.
How to turn a Grandstream SIP phone into a remote bug
The "Institut National de Recherche en Informatique" has done it again. They released details of their research regarding the Grandstream GXV-3000 SIP phone - specially on a bug that allows one to crash the phone, and set it off the hook without ringing. This last exploit effectively turns such phones into a spying device, allowing crooks and other evil entities to discretely listen on conversations in a room where the phone is installed.
Apparently, it is not just these Grandstream devices that are vulnerable to the same attack, but it affects "some SIP stack engines". The trick is to send a "183 Session Progress" SIP message to the phone following an INVITE request, which in turn makes it go all fuzzy and start sending RTP packets to the attacker. The full-disclosure post further illustrates this with a example code in perl.
Meanwhile, all this wouldn't have been possible for the Institute without using their SIP stateful fuzzer. The paper presenting this project can be found here. Least that I can say is that this is very cool stuff.
Apparently, it is not just these Grandstream devices that are vulnerable to the same attack, but it affects "some SIP stack engines". The trick is to send a "183 Session Progress" SIP message to the phone following an INVITE request, which in turn makes it go all fuzzy and start sending RTP packets to the attacker. The full-disclosure post further illustrates this with a example code in perl.
Meanwhile, all this wouldn't have been possible for the Institute without using their SIP stateful fuzzer. The paper presenting this project can be found here. Least that I can say is that this is very cool stuff.
How to turn a Grandstream SIP phone into a remote bug
The "Institut National de Recherche en Informatique" has done it again. They released details of their research regarding the Grandstream GXV-3000 SIP phone - specially on a bug that allows one to crash the phone, and set it off the hook without ringing. This last exploit effectively turns such phones into a spying device, allowing crooks and other evil entities to discretely listen on conversations in a room where the phone is installed.
Apparently, it is not just these Grandstream devices that are vulnerable to the same attack, but it affects "some SIP stack engines". The trick is to send a "183 Session Progress" SIP message to the phone following an INVITE request, which in turn makes it go all fuzzy and start sending RTP packets to the attacker. The full-disclosure post further illustrates this with a example code in perl.
Meanwhile, all this wouldn't have been possible for the Institute without using their SIP stateful fuzzer. The paper presenting this project can be found here. Least that I can say is that this is very cool stuff.
Apparently, it is not just these Grandstream devices that are vulnerable to the same attack, but it affects "some SIP stack engines". The trick is to send a "183 Session Progress" SIP message to the phone following an INVITE request, which in turn makes it go all fuzzy and start sending RTP packets to the attacker. The full-disclosure post further illustrates this with a example code in perl.
Meanwhile, all this wouldn't have been possible for the Institute without using their SIP stateful fuzzer. The paper presenting this project can be found here. Least that I can say is that this is very cool stuff.
Security
tools
sip
exploit
vulnerability
grandstream
hardphone
bookmark this on del.icio.usThe Metasploit Project
This is the Metasploit Project. The goal is to provide useful information to people who perform penetration testing, IDS signature development, and exploit research. This site was created to fill the gaps in the information publicly available on various e
The Metasploit Project
Security vulnerability discovery software
opensource: del.icio.us tag/opensource
Security
exploit
Hacking
exploits
oss
opensource
tools
network
Software
vulnerability