
Sandro Gauci, Enable Security

ClueCon Weekly with Sandro Gauci, demonstration of SIP Digest Leak

Published on Oct 16, 2020

ClueCon Weekly is a regular video series by the people behind FreeSWITCH and SignalWire, hosted by the very friendly David Duffet. I had the pleasure of recording an interview and a presentation with David a few weeks back. If you would like a summary of what the video chat was about, scroll down to the points below. Otherwise, I hope you enjoy the chat as much as I did!

Summary

Here’s an outline of what went on:

  • Introduction about my background in security, telephony and VoIP
  • What we do at Enable Security (spoiler: penetration testing)
  • How SIPVicious OSS came about and why I created the toolset
  • About publishing offensive security tools as open source and the risk of abuse
  • A brief plug for the Awesome Real-time Communications hacking & pentesting resources
  • The presentation called SIP Authentication Attacks starts at around 12:00
  • Explained how VoIP man-in-the-middle attacks differ from the SIP digest leak attack
  • Demonstration of a full SIP digest leak attack starts at around 26:00
  • Our toolset, SIPVicious PRO, was used to show the following:
    • First we do a SIP extension enumeration attack
    • Discover an extension that allows incoming calls, extension 2000
    • Start the SIP digest leak attack using SIPVicious PRO and receive the SIP authentication digest
    • This is then passed to John the Ripper which performs an offline password cracking attack on the digest hash and recovers the original password
  • Discussion of solutions to the SIP digest leak vulnerability
  • Usage of defensive tools and my thoughts on adding a lot of security solutions on top of existing solutions

Thanks to David Duffet for the opportunity!


Sandro Gauci

CEO, Chief Mischief Officer at Enable Security

Sandro Gauci leads the operations and research at Enable Security. He is the original developer of SIPVicious OSS, the SIP security testing toolset. His role is to focus on the vision of the company, design offensive security tools and engage in security research and testing. Therefore, he is the proud owner of the title of Chief Mischief Officer at Enable Security.

He offers public office hours and is reachable here.