O'Reilly logo

Metasploit Penetration Testing Cookbook - Second Edition by Abhinav Singh, Monika Agarwal

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Yielding passwords

From the previous section, we have the IP address and extension address of the SIP server. So ,now we will focus on yielding passwords to bypass the authentication level. In this section, we will learn to use Wireshark for sniffing traffic and sipcrack suite, as well.

When a new or existing VoIP phone establishes a connection to the network, it sends a REGISTER request to the IP-PBX server for registering the associated user ID/extension number. This request contains crucial details, such as user information, authentication data, and so on.

A sample SIP authentication request is as follows:

REGISTER SIP :192.168.1.130;transport=UDP SIP/2.0
Via : SIP/2.0/UDP 192.168.1.132:5061;branch=zghg4bk-d8752z-37184e79d2d8cac8-1-----d87542 ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required