[VOIPSEC] Fwd: Sipflanker finds fulnerable Web GUIs deployed by IP phones and PBXs
Shawn Merdinger
shawnmer at gmail.com
Thu May 29 09:37:07 CDT 2008
fyi
--scm
---------- Forwarded message ----------
From: Sergio Castro <sergio.castro at unicin.net>
Date: Tue, 27 May 2008 15:00:03 -0500
Subject: Sipflanker finds fulnerable Web GUIs deployed by IP phones and PBXs
To: pen-test at securityfocus.com
Many (if not most) VoIP devices have available a Web GUI for their
configuration,
management, and report generation. These Web GUIs are often on default,
meaning that
the moment you install the IP phone or IP PBX, the Web GUI is immediately
available
on the network. And unfortunately it is also common for the username and
password
to have default values.
Sipflanker will help you find these SIP devices with potentially vulnerable
Web GUIs
in your network.
What the application does is search the range of IPs you specify, and checks
if port
5060 is available. Whether open or close, port usually 5060 indicates the
presence of a SIP
device. Then it checks if port 80 (http) is open. The combination of an open
port 80,
together with port 5060, either open or closed, signals a probable SIP
device with a Web GUI.
Sipflanker then proceeds to extract the website, and fingerprint the device.
You can find default passwords for IP phones at
http://www.infosegura.net/passwords.htm
You can download sipflanker at http://code.google.com/p/sipflanker/
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
More information about the Voipsec
mailing list