💾
kurare
  • 🤸Welcome!
  • 🔤Alphabet Soup
  • Training
    • CTFs & Labs
  • Directory Traver
  • Reporting
  • Toolbox
  • Rando Links
  • GRC (The box-checkers)
  • Common Software Repository
  • Social Networking
  • Penetration Testing Frameworks
  • Playbooks
    • Playbook: Figuring out software versions
    • Playbook: web applications
    • Playbook: Finding exploits
    • Playbook: Cloud Environments
  • Testing out credentials
  • Active Directory
  • Checklists
    • Pretest phase
    • Host Discovery
    • Website (external)
    • Black-box External Test
    • Host Enumeration
    • SMB enumeration
    • Page
  • Reporting
  • Services
    • VOIP / SIP
Powered by GitBook
On this page
  1. Services

VOIP / SIP

Hacking voiceover IP (VOIP) and Session Initiation Protocols (SIP)

PreviousReporting

Last updated 1 year ago

How to identify:

  • Ports 5001, 5060, 5090

  • VOIP login page

Tools:

  • Metasploit (MSF) modules

    • auxiliary/scanner/sip/options

    • auxiliary/scanner/sip/options_tcp

SIP options:

Will look something like

10.20.30.40:5060 tcp SIP/2.0 200 OK: {"Allow"=>"INVITE, ACK, CANCEL, OPTIONS, BYE, REGISTER, SUBSCRIBE, NOTIFY, REFER, INFO, MESSAGE, UPDATE"}

Links & Reading:

https://medium.com/vartai-security/practical-voip-penetration-testing-a1791602e1b4