Slide 1

PROJECT BY:KARNATI VAMSI KRISHNAVANKANA SIVA SAKETH REDDYVOIP EXPLOITS USING KALI LINUX TOOLS

1CONTENTSProject TitleTools UsedSIPSAKMetasploitXPLICOImplementationsProblems FacedReferencesPROJECT TITLEPen testing and Exploits using KALI Linux Tools

TOOL USEDSIPSAK:

This tool can be used testing SIP devices & applications.This can be done just by using OPTION req method.In our project we used it to Fingerprint the SIP device.IMPLEMENTING SIPSAK WE USED THIS TOOL TO FINGERPRINT THE SIP DEVICES.COMAND: sipsak vv s sip:10.103.5.217

TOOL USEDMETASPLOIT:Using the Modules & Auxiliaries available in Metasploit framework VoIP can be exploited. This framework can be used for several attacks.We can use it for enumerating SIP extensions.We can use it for creating fake SIP invite request, which makes the target device ring.

IMPLEMENTING METASPLOITWE USED THIS TOOL TO ENUMERATE DEVICES AND TO FLOOD INVITE REQUESTS TO SIP DEVICES.COMMANDS:Use auxiliary/scanner/sip/optionsUse auxiliary/voip/sip-invite-spoofRESULTS:SIP Devices are enumeratedSIP device receives several invite requests, which cause for multiple Rings.

IMPLEMENTING XPLICOWE USED THIS TOOL TO CAPTURE SIP TRAFFICCOMMANDS:

SIPCRACK TOOLCOMMAND: sipdump p auth.txtDumps the authentication data from PCAP file into auth.txt

Sipcrack w auth.txtCracks the password of the Sip device

TOOLS TRIEDSIPSAKMETASPLOITSIPCRACKVOIPONGVOMITXPLICO

REFERENCES:www.google.comhttp://www.backtrack-linux.org/wiki/index.php/Pentesting_VOIPhttp://www.enderunix.org/voipong/manual/book.html#INSTALLATIONhttp://zer0byte.com/2013/03/19/kali-linux-complete-tools-list-installation-screen-shots/http://www.offensive-security.com/metasploit-unleashed/Msfconsole_Commands#path