[Voptalk] FW: SiVuS Authentication Analysis - Realtime Analysis
Peter Thermos
pthermos at vopsecurity.org
Sun Jul 22 10:38:13 EDT 2007
-----Original Message-----
From: Raul Siles [mailto:raul.siles at gmail.com]
Sent: Thursday, July 19, 2007 6:36 PM
To: voptalk at lists.vopsecurity.org
Cc: pthermos at vopsecurity.org
Subject: SiVuS Authentication Analysis - Realtime Analysis
Hi everybody,
I'm running some lab tests using X-Lite softphones, Asterisk and SiVuS 1.09.
In particular, I'm using the Realtime Analysis module to perform a password
guessing attack.
I've selected the following SIP request-line:
REGISTER UDP 2003 at domain:5060
After selecting the usernames and passwords files (both are text files
containing one word for the usernames file (the target username, "2003"),
and multiple single-word lines for the passwords file), and clicking on
Start, I've checked that only one REGISTER message is sent.
Taking network traces I've verified that this message does not includes the
"Authorization:" field (un-authenticated). The VoIP server responds with a
401 message and a challenge (nonce) asking for authentication, but the tool
never replies back with the response to the challenge.
It also seems, based on the tool output, that only the first word from the
passwords file is tried.
Should the Realtime Analysis module work? Is there something obvious I'm
doing wrong?
Thanks,
Raul Siles
More information about the Voptalk
mailing list