Who's Online
There are currently, 62 guest(s) and 1 member(s) that are online.
You are Anonymous user. You can register for free by clicking here
|  |
IPhone Password Breaker
Posted by cdupuis on Monday, 08 February 2010 @ 06:37:51 EST (513 reads)
Topic VOIP
Anonymous writes "As seen on the H-Security website:
5 February 2010, 15:05
Password breaker for iPhone backups
Elcomsoft's iPhone Password Breaker. Elcomsoft's iPhone Password Breaker[1] (EPPB) promises to recover the passwords of protected iPhone backups. This is said to allow access to stored data such as addresses, SMS archives, apps, calendar items, photos, call logs, email account details as well as the browser cache and history. The breaker works offline and does not require iTunes.
So far, however, there is only a beta version[2] (direct download) which uses (currently rather short) English, German and Russian word lists to attempt the recovery of the correct password. The H's associates at heise Security found that the German word list appears slightly strange, containing virtually none of the terms that can usually be found in password lists – items such as "Strukturproblem" or "Steuerhinterziehungsbranche" are only likely to be used as passwords by rather shrewd individuals.
The final version is to support user-defined dictionary attacks and permutations – accelerated by current ATI and Nvidia graphics cards via Stream SDK or CUDA as well as multi-core CPU support. EPPB runs on Windows7, Vista and XP and can apparently crack the backups of generation 2G, 3G and 3GS iPhones as well as first, second and third generation iPod Touch models. The vendor did not, however, mention what the price for the final version will be.
Elcomsoft also offers other software such as Distributed Password Recovery (EDPR). Apart from WPA passwords, EDPR can also recover the passwords used in Office, Adobe Acrobat, PGP, Lotus Notes as well as Windows and Unix passwords.
See also:
- iPhone OS 3.1.3 fixes vulnerabilities[3], a report from The H.
URL of this Article:
http://www.h-online.com/security/news/item/Password-breaker-for-iPhone-backups-923266.html
Links in this Article:
[1] http://www.elcomsoft.com/eppb.html
[2] http://www.elcomsoft.com/download/eppb.zip
[3] http://www.h-online.com/news/item/iPhone-OS-3-1-3-fixes-vulnerabilities-920756.html "
Researchers Uncover Security Vulnerabilities in Femtocell Technology
Posted by cdupuis on Wednesday, 03 February 2010 @ 06:21:52 EST (367 reads)
Topic VOIP
As seen on Eweek.com:
Two Trustwave security consultants report they have uncovered hardware and software vulnerabilities in femtocell devices that can be used to take over the device. The duo will present their findings at the ShmooCon conference in Washington.
Researchers with Trustwave have discovered flaws in the hardware and software of femtocell devices that can allow an attacker to take full control of the miniature cell towers without the user's knowledge.
Zack Fasel and Matthew Jakubowski, security consultants with Trustwave's SpiderLabs, will present their findings at ShmooCon, held Feb. 5 to 7 in Washington.
"Our original [area of] curiosity was whether these devices could be utilized to supplement cellular deployment in third-world countries (such as the OpenBTS+Asterisk project) in a much cheaper package ($250 compared to over $1,200 for a USRP hardware device plus server costs)," Fasel explained. "After hours of sniffing traffic, changing IP address ranges, guessing passwords and investigating hardware pinouts, we had obtained root access on these Linux-based cellular-based devices, which piqued our curiosity [about] the security implications."
Femtocell devices are small cellular base stations used to increase wireless coverage in areas with limited service. Because a cell phone does not have business logic to prevent it from connecting to a wireless device acting as a tower that has been tampered with, it is possible for malicious users to abuse that trust and sniff traffic as it traverses the network.
"Through the theoretical attack method outlined in our talk, the attacker would compromise the femtocell device to gain full root access over the device," Fasel said. "As the attacker has access to the device, any services the device offers [are] subject to the attacker's control, including voice, data, authentication and access to the femtocell's home network."
In addition, the researchers plan to offer proof that a malicious user could tamper with a wireless device and create a fake tower in order to monitor people's movement via the identification numbers of their cell phones.
"The cell companies need to focus on the security of the hardware just as much as the software," Fasel said. "In our findings we noticed a limited concern [about] the security of the hardware. We used this to our advantage to get full root access to the device. This then allowed us understand and modify existing software on the device.
"In addition, cellular technologies (specifically in the case of GSM) employ a weak authentication mechanism," he added. "This has been known throughout the security industry for several years."
As for users, there isn't much they can do, he said.
"Stop using cellular technologies? Other than that, because users can't stop using cellular technologies, they must trust their cell phone as much as they trust an open access point," Fasel said. "Use strong encryption on data services and don't say anything over the airwaves that you wouldn't assume someone's listening to."
See original posting at:
http://www.eweek.com/c/a/Security/Researchers-Uncover-Security-Vulnerabilities-in-Femtocell-Technology-760682/
UCSniff 3.0 Released
Posted by cdupuis on Wednesday, 11 November 2009 @ 18:22:45 EST (2426 reads)
Topic VOIP
NOTE FROM CLEMENT: Here is a posting from the Pen-Test mailing list on SecurityFocus. Joshua Wright is commenting about the new UCSniff release. Joshua is not easy to impress, he knows his stuff and his endorsement does speak for the quality and usability of this new version of UCSniff. Here is the posting:
---------- Forwarded message ----------
From: Joshua Wright
Date: Tue, Nov 3, 2009 at 09:22
Subject: Re: UCSniff 3.0 Released
To: Arjun Sambamoorthy
Cc: pen-test@securityfocus.com
> Sipera VIPER Labs has released UCSniff 3.0: > http://ucsniff.sourceforge.net. > > Here are some of the key features of the new version: > > * Real time VoIP and Video monitoring. [ as presented at ToorCon 11, San Diego] > * New codec support, G729, G726, G723. > * GUI version of Windows and Linux. [ as presented at DefCon 17] > * TFTP MitM Modification of IP phone settings. > * New VideoSnarf tool - Converts offline RTP pcap file to media file. > * Windows VLAN implementation, for VLAN Hopping in Windows. As a personal anecdote, I saw Arjun and Jason present the latest developments in UCSniff at ToorCon 11 and was awed at how smoothly the features worked, and the power of the video manipulation features.
Jason and Arjun's demo used a Cisco IPTV camera for video surveillance, watching a bottle of water. First, they established MitM (I believe through ARP spoofing) and saved a segment of the existing video traffic.
Then, they blocked the actual stream from the camera to the receiver and fed the receiver the old video footage instead, causing a momentary blip on the video monitoring side. Then, they stole the bottle of
water, while the video monitoring system happily replayed the old footage.
It reminded me of the A-Team episode where Murdoch climbed into the ceiling and lifted a ceiling tile from above, then used a Polaroid camera to take an instant picture of the room from the perspective of a
ceiling-mounted camera. Then, he taped the photo to the front of the camera so the security guards saw the same view while the rest of the team went through the room undetected. Well, except that Arjun and
Jason's work was much cooler (and a lot less Polaroid-hurry-up-and-develop-waving-action).
Congrats to Jason and Arjun for their awesome work, this is a tool I'm looking forward to using in upcoming customer engagements.
- -Josh
VIPER Lab's VAST Live Distro for VOIP security assessment
Posted by cdupuis on Tuesday, 06 October 2009 @ 23:52:47 EDT (926 reads)
Topic VOIP
Hello!
I am pretty new to the list and just wanted to let everyone know that I have developed a VoIP security live distribution called VAST.
The distro includes VoIP security assessment tools such as UCsniff, VoipHopper, Videojak, videosnarf, ACE, Warvox, and a number of other useful tools along with traditional security assessment tools like Metasploit, Nmap, Netcat, Hydra, Hping2 and others.
The link for the distro is http://vipervast.sourceforge.net.
The distro is still in a very beta stage and suggestions are welcome.
Cheers,
Mike Jones
C|EH E|CSA ACSA GCIH GHTQ GHD
Pwning Nokia phones (and other Symbian based smartphones)
Posted by cdupuis on Monday, 06 July 2009 @ 22:24:03 EDT (702 reads)
Topic VOIP
Hello,
I'll just leave this here ;)
https://www.sec-consult.com/files/SEC_Consult_Vulnerability_Lab_Pwning_Symbian_V1.03_PUBLIC.pdf
Abstract:
1. Perform static analysis of XIP ROM images (dumping, restoring import and export tables, searching for unsafe function calls)
2. Enable run mode debugging of system binaries running from ROM, by cracking the AppTRK debug agent
3. (Ab-)use the AppTRK debug agent as a foundation for dynamic vulnerability analysis
3. Build an exemplary file fuzzer for the video- and audio codecs shipped with current Nokia smartphones
4. List and briefly analyze the identified bugs
5. Discuss further ideas and concepts, such as jailbreak shellcode, and an IRC bot trojan for Symbian
We aim to show that it is possible to find and exploit bugs on Symbian smartphones, even in preinstalled system applications, without having access to special development hardware, and that exploits and worms
similar to those found on desktop systems may be possible on Symbian.
The bugs listed in this paper have been sent to Nokia and are currently under review. Mobile phone manufacturers should be aware that remote vulnerabilities of the kind discussed in this paper could be used in targeted attacks to remotely compromise a smartphone (track GPS, turn on mic, etc.), or as a means of propagation for mobile network worms.
--
Bernhard Mueller Security Consultant SEC Consult Unternehmensberatung GmbH www.sec-consult.com A-1190 Vienna, Mooslackengasse 17 phone +43 1 8903043 34 fax +43 1 8903043 15 mobile +43 676 840301 718 email b.mueller@sec-consult.com Firmenbuch Wiener Neustadt: 227896t, UID: ATU56165223 Firmensitz: Prof. Dr. Stephan Korenstraße 10, A-2700 Wiener Neustadt Advisor for your information security.
WarVOX phone analysis suite
Posted by cdupuis on Thursday, 21 May 2009 @ 00:40:01 EDT (751 reads)
Topic VOIP
Anonymous writes "Version 1.0.1 of the WarVOX phone analysis suite has been released. Notable changes since 1.0.0:
- License changed to BSD, no restrictions on commercial use
- Support number exclusion lists / black lists (regex based)
- Support for phone number ranges in addition to masks
- Support for multiple ranges and masks per job
- Numerous bug fixes and stability improvements
- Command line script for exporting dial results (bin/export_list.rb)
Download:
http://warvox.org/releases/warvox-1.0.1.tar.gz
Background:
http://warvox.org/
WarVOX is a suite of tools for exploring, classifying, and auditing telephone systems. Unlike normal wardialing tools, WarVOX works with the actual audio from each call and does not use a modem directly. This model allows WarVOX to find and classify a wide range of interesting lines, including modems, faxes, voice mail boxes, PBXs, loops, dial tones, IVRs, and forwarders. WarVOX provides the unique ability to classify all telephone lines in a given range, not just those connected to modems, allowing for a comprehensive audit of a telephone system.
WarVOX requires no telephony hardware and is massively scalable by leveraging Internet-based VoIP providers. A single instance of WarVOX on a residential broadband connection, with a typical VoIP account, can scan over 1,000 numbers per hour. The speed of WarVOX is limited only by downstream bandwidth and the limitations of the VoIP service. Using two providers with over 40 concurrent lines we have been able to scan entire 10,000 number prefixes within 3 hours.
-HD "
VoIP Hopper 1.0 released! With Nortel support
Posted by cdupuis on Thursday, 07 May 2009 @ 16:21:25 EDT (714 reads)
Topic VOIP
Anonymous writes "---------- Forwarded message ----------
From: Jason Ostrom
Date: Tue, May 5, 2009 at 12:40
Subject: VoIP Hopper 1.0 released! With Nortel support
To: pen-test@securityfocus.com
VoIP Hopper 1.0 has been released, with several new features, and a new project website:
http://voiphopper.sf.net
What is VoIP Hopper?
VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop into the Voice VLAN on specific Ethernet switches.
VoIP Hopper does this by mimicking the behavior of an IP Phone, in Cisco, Avaya, and Nortel environments. VoIP Hopper is a VLAN Hop test tool but also a tool to test VoIP infrastructure security.
New Features:
* *Nortel Support: * VoIP Hopper can now automatically discover the Voice VLAN ID used in Nortel IP Phone networks and VLAN Hop!
* *DHCP client:* A fully integrated DHCP client! VoIP Hopper now implements DHCP messaging as function calls instead of relying on the old 'dhcpcd' client. This opens up the door for future VLAN Discovery mechanisms for other vendors, such as Alcatel.
* *New CDP mode:* A new CDP Spoof mode that uses a pre-constructed IP Phone packet of a Cisco 7971G-GE! Now you can VLAN Hop faster by spoofing CDP and don't have to construct your own CDP Packet!
* *Error correction with VLAN Interfaces:* Implemented a feature that checks to see if the IP address is already configured for the voice interface before running the VLAN Hop and DHCP request
* *Bug fix 1:* Fixed an important libpcap bug with pcap_next_ex read timeout when CDP sniff mode was used (-c 0) "
UCSniff VOIP Sniffer 2.1 released
Posted by cdupuis on Friday, 10 April 2009 @ 22:20:48 EDT (769 reads)
Topic VOIP
UCSniff is an exciting new VoIP Security Assessment tool that leverages existing open source software into several useful features, allowing VoIP owners and security professionals to rapidly test for the threat of unauthorized VoIP and Video Eavesdropping. Written in C, and initially released for Linux systems, the software is freely available for anyone to download, under the GPLv3 license
UCSniff was created as a Proof of Concept demonstration tool and a method of creating awareness around VoIP/UC threats. It can be used by VoIP/UC Administrators to test their own VoIP Infrastructure in a pilot before vulnerabilities are rolled into production. It can also be used by security professionals as a method of convincing IT decision makers that security best practices should be applied to VoIP/UC in the same way that they are applied to other TCP/IP based, client-server applications.
Some useful features of UCSniff that have been combined together into a single package:
 Allows targeting of VoIP Users based on Corporate Directory and/or extensions
Support for automatically recording private IP video conversations
Automatically re-creates and saves entire voice conversations to a single file that can be played back by media players
Support for G.722 and G.711 u-law compression codecs
Support for H.264 Video codec
Automated VLAN Hop and Discovery support
A UC Sniffer (VoIP and Video) combined with a MitM re-direction tool
Monitor Mode
Sniffs entire conversation if only one phone is in source VLAN
LATEST DEVELOPMENT NEWS:
From: Jason Ostrom
Date: Fri, Apr 3, 2009 at 14:23
Subject: UCSniff 2.1 released
To: "pen-test@securityfocus.com"
UCSniff 2.1 has been released, with several new features and enhancements:
http://ucsniff.sf.net
New features / enhancements:
- Eavesdropping on Microsoft OCS IM conversations
- Support for Avaya SIP eavesdropping (handles SIP re-invites properly)
- Re-write of SIP code for enhanced logging and memory efficiency
- Enhanced ARP spoofing with unicast arp requests (also detects devices that have GARP disabled)
- Support for G.711 a-law codec (already supports G.722, G.711 u-law)
Tested platforms:
Ubuntu 8.10
BT4 Beta
OAT released - new VoIP security tool
Posted by cdupuis on Friday, 10 April 2009 @ 22:11:57 EDT (761 reads)
Topic VOIP
---------- Forwarded message ----------
From: Jason Ostrom
Date: Wed, Apr 1, 2009 at 14:42
Subject: OAT released - new VoIP security tool
To: "pen-test@securityfocus.com"
VIPER Lab has released OAT (OCS Assessment Tool). OAT is a free VoIP security assessment tool designed to test the security configuration of Microsoft OCS SIP infrastructures, for deployment/implementation issues. It's the first OCS SIP validation tool written in windows. We welcome any feedback.
OAT website: http://voat.sourceforge.net
Some key features of OAT:
- Online dictionary attack against SIP user credentials
- "Presence Stealing" - automated download of all SIP-enabled domain users and SIP presence enumeration
- IM flood security test of domain/targeted OCS users
- Automated calling of domain/targeted OCS users, for purposes of testing for reconnaissance or DoS
VoIP Hopper 0.9.9 Released
Posted by boss on Tuesday, 19 February 2008 @ 08:50:46 EST (4251 reads)
Topic VOIP
Anonymous writes " VoIP Hopper 0.9.9 has been released.
This is the same code that was presented at ShmooCon 4.
Main Site is located at: http://voiphopper.sf.net
NEW FEATURES
* CDP Generator!
VoIP Hopper can generate CDP packets in order to discover the Voice VLAN ID, as any IP Phone based on CDP would do. In this CDP spoof mode, VoIP Hopper will send two CDP packets in order to decipher the VVID, then it will iterate between sleeping for 60 seconds, and sending another packet. Not only is this faster than CDP sniffing, but it can also help bypass any mechanisms that rely on CDP for permitting access to the Voice VLAN.
* Voice VLAN Interface Delete:
VoIP Hopper can delete the created Voice Interface
* MAC Address Spoof, then exit:
VoIP Hopper can change the MAC Address of an interface offline and exit, without VLAN Hopping.
IMPORTANT BUG FIX
VoIP Hopper now correctly decodes 2 bytes for the Voice VLAN ID in CDP Packets instead of only 1 byte. This corrects large VVID values (such as 415, etc) from being incorrectly decoded.
WHAT IS VOIP HOPPER
VoIP Hopper is a VLAN Hop test tool but also a tool to test VoIP infrastructure security.
CREDITS FX <fx@phenoelit.de> for his IRPAS Suite
Jamal Pecou Many others...
Please see the SF site for more information.
VHC "
SIPVicious 0.2 released -- A VOIP audit tool
Posted by boss on Tuesday, 09 October 2007 @ 17:01:20 EDT (784 reads)
Topic VOIP
cdupuis writes " Version '0.2' of 'SIPVicious' has just been released. You can find more details at: http://freshmeat.net/projects/sipvicious/
The changes in this release are as follows:
Notable features include:
- Session support, which allows you to resume previous scans as well as store the results in database format. Previous results may be exported to various formats: PDF, XML (HTML), CSV, and plain text. Updating may be done easily by making use of subversion (svn update).
- The UI was improved.
- The help was made more intuitive.
- The output was cleaned.
- More debug information is shown when needed. Random scanning techniques were implemented.
The 4 tools that you should be looking at are: - svmap
- svwar
- svcrack
- svreport
svmap
This is a sip scanner. When launched against ranges of ip address space, it will identify any SIP servers which it finds on the way. Also has the option to scan hosts on ranges of ports. For usage instructions check out SvmapUsage.
svwar
Traditionally a war dialer used to call up numbers on the phone network to identify ones that are interesting from ones that are not. With SIP, you can do something similar to identify active users.
svcrack
This is a password cracker making use of digest authentication. It is able to crack passwords on both registrar servers and proxy servers. It can make use of ranges of numbers or a dictionary file full of possible passwords.
svreport
Able to manage sessions created by the rest of the tools and export to pdf, xml, csv and plain text.
For general help on usage make use of -h or --help switch.
And if you're stuck you can always contact the author.
Other pages
ScreenShots
TodoList
ChangeLog "
SIP Proxy VoIP Security Test Tool
Posted by boss on Tuesday, 19 December 2006 @ 14:25:46 EST (725 reads)
Topic VOIP
Anonymous writes "As seen on the Securiteam mailing list at: http://www.securiteam.com
SIP Proxy is an Open Source VoIP security test tool which has been developed by the students Philipp Haupt and Matthias H rlimann during their diploma thesis and second student research project at the University of Applied Sciences Rapperswil (www.hsr.ch). Business partner was Compass Security AG in Rapperswil (www.csnc.ch).
In the so called "Proxy Mode", the application acts as a proxy between a VoIP PBX (e.g. Asterisk) and a UA (VoIP hard- or softphone). SIP traffic can be sniffed and dynamically manipulated with the help of regular expressions.
Logged SIP messages can be modified and resent. In the "Test Case Mode" predefined security tests which are specified as XML files can be run against a specific target. Fuzzing technology, which is a kind of black-box testing, can be applied to find weak spots in VoIP devices. There are many more specific modules which can be used within such a test case. For example Wordlist- or Bruteforce attacks. While running a test case, feedback is given by displaying a graphical report which can be exported in a printable PDF document afterwards.
With the help of SIP Proxy, several software bugs and configuration faults in specific VoIP devices have already been discovered.
Additional Information:
The information has been provided by Philipp Haupt.
To keep updated with the tool visit the project's homepage at: http://sourceforge.net/projects/sipproxy "
Nice collection of VOIP tools
Posted by boss on Sunday, 10 December 2006 @ 22:39:55 EST (4132 reads)
Topic VOIP
VOIPSEC Podcast #46 is now available
Posted by boss on Tuesday, 05 December 2006 @ 22:57:37 EST (4176 reads)
Topic VOIP
cdupuis writes "VOIPSEC readers,
FYI, Blue Box podcast #46 is now available for download:
http://www.blueboxpodcast.com/2006/12/blue_box_46_goo.html
In it, Jonathan and I talk about Google's new click-to-call, spend some time talking about the Best Practices project, cover your usual VoIP security news, Skype security, Bluetooth, and listener comments as well.
Show notes with links to all the articles are available on the website.
Enjoy,
Dan
P.S. Given that I edited this tonight in my hotel room in Wales primarily as a way to stay awake after being deliriously tired from an overnight flight that was incredibly bumpy, I make no guarantees on production quality... so if there are audio artifacts or transition edits that don't entirely work, there's a good explanation... :-)
--
Dan York, CISSP
Dir of IP Technology, Office of the CTO
Mitel Corp. http://www.mitel.com
dan_york@mitel.com +1-613-592-2122
PGP key (F7E3C3B4) available for
secure communication
"
Voice over IP Security Alliance (VOIPSA) Best Practices Project
Posted by boss on Tuesday, 28 November 2006 @ 19:41:46 EST (656 reads)
Topic VOIP
|
|
Login
Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.
Big Story of Today
There isn't a Biggest Story for Today, yet.
|
Does it hold any weight?