Getting Started
This guide assumes that you're running either a Linux or a Windows box. It also assumes that you're sufficiently comfortable with the command line. We will get a virtual machine running Asterisk PBX as a target and launch SIPVicious tools against it.
For our local environment, we will need a virtual machine with Asterisk running on it. There are other options like FreeSwitch, which you can use according to your needs and taste. In this example we will be using Asterisk as our target.
Once you have Asterisk up, make sure to create a few extensions. In our lab we have extensions `100`, `101` and `123`. Choose a numeric password for extension `100`, no password for `101` and an alphabetic password like `secret` for `123`.
I'll assume that your network is on the `192.168.1` subnet from now on. Replace that with your own subnet.
First run svmap against your subnet to find your Asterisk box:
```
[you@box sipvicious]$ ./svmap 192.168.1.1/24
+--------------------+--------------+
| SIP Device | User Agent |
-------------------------------------
| 192.168.1.103:5060 | Asterisk PBX |
+--------------------+--------------+
```
You should get results similar to the above. If not, make sure that you're scanning the right network.
To identify the extensions that you created previously:
```
[you@box sipvicious]$ ./svwar 192.168.1.103
+-----------+----------------+
| Extension | Authentication |
------------------------------
| 123 | reqauth |
| 100 | reqauth |
| 101 | noauth |
+-----------+----------------+
```
As you can see, extension 101 does not require authentication. Finally, to crack the password for 100, we just run the following command:
```
[you@box sipvicious]$ ./svcrack 192.168.1.103 -u 100
+-----------+----------+
| Extension | Password |
------------------------
| 100 | 100 |
+-----------+----------+
```
To crack an alphanumeric password we need to make use of a dictionary file. Create a text file called "dictionary.txt" containing your password.
```
[you@box sipvicious]$ ./svcrack 192.168.1.103 -u 123 -d dictionary.txt
+-----------+----------+
| Extension | Password |
------------------------
| 123 | secret |
+-----------+----------+
```
Following that, you can use the credentials with a SIP softphone of your choice.
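The three findings in this walkthrough (no authentication on 101, a numeric password on 100, a dictionary word on 123) can also be caught from the PBX side by auditing the extension configuration before anything is exposed. The script below is an added example, not part of SIPVicious or the original wiki. It assumes a chan_sip-style `sip.conf` in which each extension is a section with an optional `secret=` line; the sample config, extension 200 and the wordlist are constructed for illustration.

```python
import re

# Constructed sip.conf sample (chan_sip style) mirroring the lab extensions.
SAMPLE_SIP_CONF = """
[general]
[100]
secret=100
[101]
type=friend
[123]
secret=secret   ; alphabetic, but a dictionary word
[200]
secret=Xq7!vR2#pLm9zT4w
"""
COMMON_WORDS = {"secret", "password", "asterisk", "admin"}  # constructed list


def parse_peers(text):
    """Return {extension: {option: value}} for every section except [general]."""
    peers, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = header.group(1)
            if current != "general":
                peers[current] = {}
        elif current in peers and "=" in line:
            key, value = line.split("=", 1)
            # lstrip(">") also accepts the "key => value" spelling
            peers[current][key.strip().lower()] = value.lstrip(">").strip()
    return peers


def audit(text, wordlist=COMMON_WORDS):
    """Flag extensions whose secret is missing, numeric-only or in the wordlist."""
    findings = {}
    for ext, opts in parse_peers(text).items():
        secret = opts.get("secret", "")
        if not secret:
            findings[ext] = "no secret"            # shows up as noauth
        elif secret.isdigit():
            findings[ext] = "numeric-only secret"  # like extension 100 above
        elif secret.lower() in wordlist:
            findings[ext] = "dictionary word"      # like extension 123 above
    return findings


if __name__ == "__main__":
    for ext, issue in audit(SAMPLE_SIP_CONF).items():
        print(f"extension {ext}: {issue}")
```

Point `audit()` at the contents of your own configuration file and pass the same dictionary you would use for testing as `wordlist`.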
Last edited by @0xInfection - 2021/06/01