CEH.V6.-.Module.38.VoIP.Hacking

Reproduction is strictly prohibited enumeration

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: kin Queso Snacktime Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Enumeration Enumeration EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steps to Perform Enumeration 1 2 3 4 5 EC-Council • Extract user names using win 2k enumeration • Gather information from the host using null sessions • Perform Windows enumeration using the tool Super Scan4 • Get the users’ account using the tool GetAcct • Perform an SNMP port scan using the tool SNScan V1.05 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Banner Grabbing with Netcat Banner grabbing is a method where a port is connected to remote target to gather gather information of associated services running on it It is the first step implicated in enumerating VoIP network Types of banner grabbing: • Manual Banner grabbing • It can be accomplished easily using command-line tool NETCAT • Automated Banner grabbing • In this type, fingerprinting tool SMAP analyzes SIP message response to determine the device it is probing EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited SIP User/Extension Enumeration Provides some valid username or extensions of SIP phones Easy way to glean user registration Methods of Enumeration: • • • • • REGISTER Username Enumeration INVITE Username Enumeration OPTIONS Username Enumeration Automated OPTIONS Scanning with sipsak Automated REGISTER, INVITE and OPTIONS Scanning with SIPSCAN SIPSCAN Against SIP server • Automated OPTIONS Scanning Using SIPSCAN Against SIP Phones EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited REGISTER Username Enumeration SIP REGISTER call flow from phone to registration servers User SIP Server REGISTER F1 200 OK F2 401 Unauthorized F2 or 407 Proxy Authentication Required F2 REGISTER F3 200 OK F4 EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited INVITE Username Enumeration INVITE INVITE Username Enumeration provides track back evidence as: • It involves ringing the target’s phone • Missed calls logged on the phones and on SIP proxy EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited OPTIONS Username Enumeration A stealthy method for enumerating SIP users It supports all SIP services and user agents User SIP Server OPTIONS F1 200 OK F2 Or 404 Not found F2 EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Automated OPTIONS Scanning with with sipsak For OPTIONS scanning, commandli line tool sipsak is used (http://sipsak.org) It It is useful in stress testing and diagnosing SIP service issues EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Automated REGISTER, INVITE and OPTIONS Scanning with SIPSCAN against SIP SIP Server Use Use SIPSCAN (www.hackingvoip.com) EC-Council It It returns the live SIP extensions/users Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Automated OPTIONS Scanning Using SIPSCAN against SIP Phones With this method, you can identify exact extension that the phone uses to log in to the SIP proxy or registrar EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Enumerating TFTP Servers Locate the server within the network It can be done by reading the TFTP server IP address from web-based configuration fi EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited SNMP Enumeration SNMP listens on UDP port 162 Use Nmap to find any devices that supports it • root@domain2 ] # nmap –sU Provides configuring information such as: • • • • Vendor Vendor type u...
View Full Document

Ask a homework question - tutors are online