![](\"https:\/\/varutra-1a3b6.kxcdn.com\/wp-content\/uploads\/2014\/06\/voip-Copy-1024x600.png\" "\\"voip")
<\/p>\n<\/p>\n
![\"VOIP\"](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2014\/05\/Screen-Shot-2014-05-21-at-4.15.15-PM.png\")
<\/a><\/h3>\nVoice over Internet Protocol (VoIP) has seen rapid implementation over the past few years. Most of the organizations which have implemented VoIP are either unaware or ignore the security issues with VoIP and its implementation. Like every other network, a VoIP network is also susceptible to abuse. This document details, step by step, how to install and configure trixbox. It includes information on how to set up extensions, incoming and outgoing phone calls, VoIP penetration Testing, Caller ID Spoofing.<\/p>\n
This is a four parts series tutorial detailing on how to conduct Penetration Testing on VoIP. For practical we will set up our own LAB with VoIP setup and attack against it.<\/p>\n
In first tutorial, we will go through step-by-step instructions on how to install trixbox and understand various terms in VoIP.<\/p>\n
<\/p>\n
trixbox CE is an easy to install, VoIP Phone System based on the Asterisk PBX. trixbox is designed for home or office use. trixbox CE includes CentOS, Linux, MySQL, and all the tools needed to run a business quality phone system.<\/p>\n
In October of 2006, the Asterisk@Home project was renamed to “trixbox” in order to get away from the being the small basement project that Andrew Gillis started back in 2004. Today it is known as trixbox CE (Community Edition) to differentiate itself from the trixbox Pro product that is available from Fonality, the company that sponsors the trixbox CE project. With over 100,00 installed systems, trixbox CE is the most popular full-featured, open source PBX distribution available.<\/p>\n
<\/p>\n
VoIP is a technology that allows telephone calls to be made over computer networks like the Internet. VoIP converts analog voice signals into digital data packets and supports real-time, two-way transmission of conversations using Internet Protocol (IP).><\/p>\n
VoIP calls can be made on the Internet using a VoIP service provider and standard computer audio systems. Alternatively, some service providers support VoIP through ordinary telephones that use special adapters to connect to a home computer network. Many VoIP implementations are based on the H.323 technology standard.<\/p>\n
Here are some terms that you probably want to know: For this tutorial, I have used following lab setup to demonstrate various security issues in VoIP.<\/p>\n <\/p>\n 1. Virtual Machine with following specification<\/p>\n – Hard Disk – 10GB<\/p>\n – RAM – 256MB<\/p>\n 2. Trixbox CE 2.6.2 (Stable)<\/p>\n Steps to Install :<\/b><\/p>\n User Name: maint<\/em> \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0 We have successfully installed trixbox platform and lets move ahead to understand about security issues on VoIP. Let us start with the Information Gathering phase of Penetration Testing.<\/p>\n <\/p>\n Google Hacking uses search engine like Google to find vulnerable web server and websites. Google Hacking makes use of special search queries to locate servers and web application running with inadequate security or with no security.<\/p>\n For detail information on Google Hacking please visit:<\/p>\n http:\/\/en.wikipedia.org\/wiki\/Google_hacking<\/a><\/p>\n http:\/\/mkbonlinereputatie.nl\/wp-content\/uploads\/2014\/02\/Google-advanced-search.pdf<\/a><\/p>\n In this tutorial we will try to learn how to use Google Dorks for getting as much information as possible about the target.<\/p>\n Some of the dorks related to VoIP are mentioned below.<\/p>\n You can also use Google to find several web management front end i.e. web based login of Asterisk.<\/p>\n Enumerating TFTP Server<\/b><\/span><\/p>\n Many VoIP phones use a Trivial File Transfer Protocol<\/a> (TFTP) server to download configuration settings each time they power on. TFTP does not require any authentication to upload or download files, so one of the easiest way for an attacker to compromise a VoIP network is to attack the TFTP server which uses UDP port 69. Attackers can simply looking for listening services on UDP port 69 find out TFTP service running.<\/p>\n TFTP is insecure, as it requires no authentication to upload or fetch a file. Many phones first try to download a configuration file. Sometimes this configuration file is a derivative of the phone’s MAC address.<\/p>\n In this tutorial, I have used below mentioned Google Dork to enumerate TFTP.<\/p>\n inurl:”NetworkConfiguration” cisco<\/b><\/em><\/p>\n Now lets carry out enumeration on target TFTP IP using BackTrack Pentest Tools:<\/p>\n
\n
\nSIP<\/b>: Session Initiation Protocol is one of the most widely used VoIP protocols. <\/span>
\n
\nH.323<\/b>: An ITU standard protocol.<\/span>
\n
\nIAX<\/b>: A new VoIP protocol introduced by Asterisk (Digium).<\/span>
\n
\nCodec:<\/b> Short for Coder-Decoder, algorithms used to convert audio into data. <\/span>
\n
\nDID<\/b>: Direct Inward Dial. A phone number mapped to VoIP.<\/span>
\n
\nCDR<\/b>: Call Detail Records.<\/span>
\n
\nPDD<\/b>: Post dial delay, delay after a number is dialed until the call is connected.<\/span>
\n
\nIP Phone<\/b>: Phone that connects to a network instead of a regular phone line.<\/span>
\n
\nATA<\/b>: Analog Telephone Adapter.<\/span>
\n
\nRate center<\/b>: Numbers within the same area code.<\/span>
\n
\nIVR<\/b>: Interactive voice recording that interacts with the caller via menus.<\/span>
\n
\nPBX<\/b>: Private branch exchange systems that interconnect extensions and phone lines.<\/span>
\n
\nAsterisk<\/b>: The most widely used open source PBX.<\/span>
\n
\nDirect route<\/b>: Channels to route calls to a specific destination.<\/span>
\n
\nSoftphone<\/b>: Software based phone.<\/span><\/p>\nLab Setup for VoIP Testing:<\/b><\/h3>\n
\n
\n
<\/a><\/li>\n<\/a><\/li>\n<\/a><\/li>\n<\/a>
\n<\/em><\/li>\n<\/a><\/li>\n<\/a><\/li>\n
\nPassword: password<\/em>\u00a0 \u00a0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <\/em><\/p>\n
\n<\/a><\/em><\/em>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 11.\u00a0 After successful login you will see the\u00a0 trixbox platform as shown below.<\/p>\n<\/a><\/p>\nVoIP Google Hacking<\/span><\/b><\/h3>\n
<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n\n
\n
\n.\/tftp-bruteforce.pl TFTP Server IP Address brutefile.txt 10<\/strong> <\/b>brutefile.txt <\/b><\/em>file contains names of the configuration file.
\n<\/a><\/li>\n