The following are two updates for the next version of SIPVicious's PBX extension enumeration tool svwar:

1. svwar now tries to guess common numbers by default. It scans for the following ranges: 1000,2000... 9000, 1001, 2001..9001, 1111,2222... 9999, 11111,22222...99999, 100-999, 1234,2345 ..7890 and so on. This feature has a tendency to identify extensions on many PBX configurations. If you would like to disable it simply pass the --disabledefaults option to svwar.
   
2. svwar now sends ACK responses to SIP responses with code 200 because some PBXes keep sending packets until they receive an acknowledge.
   

That's it for now. Please let me know about your experience with the new features. To give the code a try simply run svn update from the sipvicious directory, or gte the latest by running the following:

svn checkout http://sipvicious.googlecode.com/svn/trunk/ sipvicious-read-only

Have fun!

Ouch! ZDNet have a short article about a misconfigured PBX making 400 calls to some of the hottest countries around: Afghanistan, India, Yemen and Saudi Arabia. Very ugly .. hope that the details emerge. If anyone has more details email me or post here.

Promotional message: SIPVicious is free - test your SIP based PBX before someone else does ;-)

Update: Apparently it consisted of voicemail hacking - you know that thing from the 90s. So no VoIP or SIP involved, just plain old school default pin cracking.

Alert: this is not a VoIP security post. Just a repost from EnableSecurity.

I just released a new paper and tool on the subject of web application security.

Check out the blog post (which includes the bonus video everyone loves), and the proof of concept tool itself.

And if you did not do it already, please subscribe to my other site, EnableSecurity's RSS feed.

Just updated the release of SIPVicious to 0.2.4 to include a couple of bug fixes in svwar and a new feature. The new "--template" parameter allows you to make use of format strings to create more flexible ranges. Some examples include scanning prefixes or suffixes.. which apparently can be quite useful with certain environments ;-)

Many thanks to Teodor Georgiev for his patience and help in making SIPVicious more robust and reliable!

Here's a link to the full Changelog.

Grab the tarball or the zip file.
To upgrade to the svn version simply run "svn update" as usual - enjoy

The final Backtrack 3 is out and it features some VoIP tools in the /pentest directory:

• SIPVicious (guess you know by now what this is about :)
• Voiper - a SIP fuzzing toolkit which aims at identifying flaws in VoIP products that do SIP and SDP.
• Sipbomber - a SIP testing tool which has test cases that are run against SIP enabled software / devices
• SIP Rogue - allows application level man in the middle (MITM) attacks on SIP devices.

In the $PATH one can find:

• VoIP Hopper - allows one to hop between VLANS.
• VOIPONG - a Voice over IP sniffer - will record any phone calls that it sees.
  
• sipdump / sipcrack - an offline password cracker for the digest authentication used by SIP

Tools that were previously found in Backtrack 2 are described on the tools page.

Grab Backtrack from the official site.

EnableSecurity! I will be publishing my security research and rants as well as providing Security Consultancy, Research and Design. A brief "who am I" can be seen at the Linkedin Profile page, while Google has further details.

So what sort of things am I doing?

• Wireless security auditing
• Web Application Security
• VoIP security research
• Reverse Engineering

I'll continue developing SIPVicious and publish additional tools to help security professionals get the job done.

And one more thing - I suggest that you subscribe to the RSS as I shall be releasing some research later on this week.

I'm looking at improving SIPVicious and would appreciate your input for new features or any possible bug fixes. Send me an email with ideas, or simply leave a comment.

Check my current "to do" list here.

Just posted a new version of SIPVicious v0.2.3. This includes some new features as well as bug fixes. However be warned - bugs have been invariably introduced in the course of adding these new features, so please help me test it out ;-)

Here's the link you've been looking for.

From the Changelog:

v0.2.3

• Feature: Fingerprinting support for svmap. Included fphelper.py and 3 databases used for fingerprinting.
• Feature: Added svlearnfp.py which allows one to add new signatures to db and send them to the author.
• Feature: Added DNS SRV check to svmap. Use ./svmap.py --srv domainname.com to give it a try
  

v0.2.svn

• Feature: added the ability for svreport to count results when doing a list
• Bug fix: fixed a bug related to resuming a scan which does not have an extension