[Voptalk] FW: SiVuS Authentication Analysis - Realtime Analysis

Raul Siles raul.siles at gmail.com
Mon Jul 23 23:10:04 EDT 2007


Hi Peter,
Thanks for forwarding the message to the voptalk at vopsecurity.org
address. I initially submitted it to voptalk at lists.vopsecurity.org,
but I'll use the new address from now on.

If you have some time, could you please check whether SiVuS Authentication
Analysis - Realtime Analysis works as expected? It seems to me, based
on my tests, that it does not follow the authentication procedure
expected by the VoIP PBX (Asterisk).

Thanks!
--
Raul Siles

On 7/22/07, Peter Thermos <pthermos at vopsecurity.org> wrote:
>
>
> -----Original Message-----
> From: Raul Siles [mailto:raul.siles at gmail.com]
> Sent: Thursday, July 19, 2007 6:36 PM
> To: voptalk at lists.vopsecurity.org
> Cc: pthermos at vopsecurity.org
> Subject: SiVuS Authentication Analysis - Realtime Analysis
>
> Hi everybody,
> I'm running some lab tests using X-Lite softphones, Asterisk and SiVuS 1.09.
> In particular, I'm using the Realtime Analysis module to perform a password
> guessing attack.
>
> I've selected the following SIP request-line:
> REGISTER UDP 2003 at domain:5060
>
> After selecting the usernames and passwords files (both are text files
> containing one word for the usernames file (the target username, "2003"),
> and multiple single-word lines for the passwords file), and clicking on
> Start, I've checked that only one REGISTER message is sent.
>
> Taking network traces I've verified that this message does not include the
> "Authorization:" field (un-authenticated). The VoIP server responds with a
> 401 message and a challenge (nonce) asking for authentication, but the tool
> never replies back with the response to the challenge.
>
> It also seems, based on the tool output, that only the first word from the
> passwords file is tried.
>
> Should the Realtime Analysis module work? Is there something obvious I'm
> doing wrong?
>
> Thanks,
> Raul Siles
>
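
Added example, not part of the original message and not SiVuS or Asterisk code: a check over a captured SIP trace for the exchange described above, where a REGISTER after the 401 must carry an "Authorization:" header whose response matches the challenge nonce. It assumes RFC 2617 MD5 digest without qop; the domain `pbx.example`, the nonce, the password and all function names are constructed for the illustration.

```python
import hashlib, hmac, re

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce):
    """RFC 2617 digest without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def auth_params(message, header):
    """Digest parameters of `header` in one SIP message, or None if absent."""
    m = re.search(rf"^{header}:\s*Digest\s+(.*)$", message, re.I | re.M)
    if not m:
        return None
    pairs = re.findall(r'(\w+)=("[^"]*"|[^,\s]+)', m.group(1))
    return {k.lower(): v.strip('"') for k, v in pairs}

def challenge_answered(trace, password):
    """True if a REGISTER after the 401 carries a valid response to its nonce."""
    challenge = None
    for msg in trace:
        if msg.startswith("SIP/2.0 401"):
            challenge = auth_params(msg, "WWW-Authenticate")
        elif msg.startswith("REGISTER ") and challenge:
            auth = auth_params(msg, "Authorization")
            if not auth or auth.get("nonce") != challenge.get("nonce"):
                continue  # unauthenticated, or answers a different nonce
            expected = digest_response(auth.get("username", ""), challenge.get("realm", ""),
                                       password, "REGISTER", auth.get("uri", ""),
                                       challenge.get("nonce", ""))
            if hmac.compare_digest(auth.get("response", ""), expected):
                return True
    return False

# Constructed lab messages (domain, nonce and password are made up).
URI, NONCE = "sip:pbx.example", "4f2a9c1e"
UNAUTH = f"REGISTER {URI} SIP/2.0\r\nTo: <sip:2003@pbx.example>\r\nCSeq: 1 REGISTER\r\n\r\n"
CHALLENGE = ("SIP/2.0 401 Unauthorized\r\nCSeq: 1 REGISTER\r\n"
             f'WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="{NONCE}"\r\n\r\n')

def authed_register(password):
    """The second REGISTER a client is expected to send after the 401."""
    resp = digest_response("2003", "asterisk", password, "REGISTER", URI, NONCE)
    return (f"REGISTER {URI} SIP/2.0\r\nCSeq: 2 REGISTER\r\n"
            f'Authorization: Digest username="2003", realm="asterisk", nonce="{NONCE}", '
            f'uri="{URI}", response="{resp}"\r\n\r\n')
```

`challenge_answered([UNAUTH, CHALLENGE], ...)` models the trace reported in the message (one REGISTER, one 401, no follow-up) and returns `False`; appending `authed_register(...)` with the account's password gives the complete exchange.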

