To gain complete access to the system, we can try exploiting the softphone software as well. From the previous scenarios, we have the target's IP address. Let's scan and exploit it with Metasploit. However, there are specialized VOIP scanning tools available within Kali operating systems that are specifically designed to test VOIP services only. The following is a list of tools that we can use to exploit VOIP services:
- Smap
- Sipscan
- Sipsak
- Voipong
- Svmap
Coming back to the exploitation part, we have some of the exploits in Metasploit that can be used on softphones. Let's look at an example of this.
The application that we are going to exploit here is SipXphone version 2.0.6.27. This application's interface may look similar ...