O'Reilly logo

Metasploit Penetration Testing Cookbook - Second Edition by Abhinav Singh, Monika Agarwal

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Scanning and enumeration phase

This is the phase where we gather information about the VoIP topology, servers, and clients, in order to perform a successful attack. Basically, what we are looking for is live hosts, PBX type versions, VoIP servers/gateways, clients (hardware and software) type versions, and so on. We will be enumerating SIP extensions instead of enumerating usernames. Enumeration is the key to every successful attack/penetration, test as it provides the much needed details and an overview of the setup; VoIP is not any different. In VoIP network, information useful to us as an attacker is VoIP gateway/servers, IP-PBX systems, client software (softphones)/VoIP phones, and user extensions. For the sake of demonstration, let's assume ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required