Security Testing Code

We are licensing code which demonstrates the following vulnerabilities:

• SIP Digest Leakage – gives access to the challenge response of a large number of IP Phones (unpatched / 0day)

Note that we will do background checks to make sure that you are not an evil entity.

Contact us for further details

EnableSecurity VOIPPACK

EnableSecurity VoIPPack for CANVAS is a set of tools that are designed to work with Immunity CANVAS software. The tools target VoIP systems such as PBX servers, IP Phones and SIP gateways. Highlights include:

• sipautohack – Given a target network, this module will scan for SIP devices, enumerate any extensions on all PBX servers found and try to guess their password
• asterisknow_exec – Installs MOSDEF on an AsteriskNOW is configuration credentials are known
• sipdigestleak – Forces IP Phones to leak out the digest credentials and performs a quick offline password attack
• ghostcall – Rings all phones on a target network at the same time
• iax2autohack – similar to sipautohack, IAX2autohack works on the IAX2 protocol supported by Asterisk, and will scan for PBX servers, enumerate extensions and try to guess their password

More information at the VOIPPACK page.