Follow us on Twitter!
Ideas are far more powerful than guns.
Sunday, April 20, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 37
Guests Online: 35
Members Online: 2

Registered Members: 82847
Newest Member: Zanjux
Latest Articles

VoIP - The new Phreaking

Arrow Image Voice over IP is the new method of phreaking and this article covers some of the basics to get you started.



VoIP Basics

The days of Phreaking are long past and dead, pay phones no longer cough up goods anymore, and an entire branch of hacking practically died over night. Or did it?

Phreaking by traditional terms is long dead, the phone systems now employ systems that put tones on a second band which makes almost all boxes useless except for the Beige and Red boxes from what I know.

Where this falls a new era has come, and a new form of hacking along with it. This new advent in phone systems has come to be known as VoIP, or Voice over Internet Protocol.

As VoIP becomes more prominent we find that the line between hackers and phreakers is about to fade completely into the gray. VoIP is a phone system that runs by connecting to your internet access, or rather via an ethernet cord. Think vonage and all those annoying commercials you had to sit through, VoIP in basic form.

This article will tell you some of the basics of VoIP and what to expect.

Now then, let\'s begin.

As mentioned earlier VoIP works through an ethernet cord attached to the internet. As a hacker you should be informed that anything plugged into the internet is a far cry from secure, even including the CIA, FBI, and other top security fortresses (though they are substantially more difficult.)

The beauty of the VoIP system is that it\'s also a server that starts automatically and runs a protocol known as TFTP on port 69. One of the most lethal tools in VoIP hacking is also one that is useful in any field. Google. (Just a side note there\'s a reason everyone always tells you to use it before asking.)

Google is your best friend in finding vulnerable boxes to tap.

Try this line in google -

inurl:\"NetworkConfiguration\" cisco site:http://www.target.com

Remove the site tag unless you are after a certain site.

This should provide you with quite a bit of information, the Admin CP of the PBX (Phone Box) and all the data. Look for the TFTP server and run a ping on that IP, if it returns data you\'re in. Save the rest of that Data, you\'ll need it later

Get into Nmap or your favorite port scanner and plug in the same IP in a UDP scan. If 69 is open then you\'re golden.

You HAVE to be on Unix or at least an emulator like Cygwin for any further. Type in TFTP and the IP address.If a TFTP prompt comes up it worked, now you need a config file to get anywhere. Open up the file with that Data from earlier.

Type in -

get sep(insert MAC adress here).cnf

If you get a list of Data then it all worked out and you hit the gold mine. You have the Phone Extension, Voicemail Password, and Telnet Password to their phone.

From here I\'ll let you find out what to do with this information until I learn enough to write the next article.

Mind you if you do any of this on a PBX that you do not own I assume no responsibility if you get busted for it. Practice safe browsing, use a Proxy!

Until next time.

- Lemur

Comments

K_I_N_Gon February 20 2009 - 01:15:31
Interesting enough. Good-job.
ynori7on February 20 2009 - 01:20:47
Seems like this would have been better if you combined it with your next article. Good job though.
korgon February 20 2009 - 10:29:22
Nice article but there are plenty of tftp cmd line programs for windows also, You don't HAVE to have linux.
SaMTHGon February 20 2009 - 11:16:43
Nice article, good read as I'm new to phreaking...Rated: Awesome @korg: Do you mean that there is another way to connect to tftp in windows with the command prompt? If so what is it, because I tried tftp <ip> but it said: 'tftp' is not recognized as an internal or external command, operable program or batch file. Thanks in advanceGrin
mastergameron February 20 2009 - 11:19:08
Searching Google for 'tftp client' was hard, wasn't it?
korgon February 20 2009 - 11:47:08
Oh Boy, tftp is not built into windows my friend.
SaMTHGon February 20 2009 - 12:46:02
@mastergamer: I had already done that, I didn't know I had to download something to get it(Downloading now) I thought it was just another command like ftp, telnet or something...Thanks anyway.:happy:
spywareon February 20 2009 - 15:17:25
Those "commands" are just built-in clients.
ShadyTyranton February 20 2009 - 23:11:44
Good article. I have heard bad things about VOIPs security but never knew any exploits.
ShadyTyranton February 20 2009 - 23:12:17
Good article. I have heard bad things about VOIPs security but never knew any exploits.
Uber0non March 08 2009 - 23:52:03
Looks like the google dork needs to be a bit more specific - apart from that nice and interesting article Smile
Post Comment

Sorry.

You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.