Amol Bhure was born in Maharashtra on 7 July 1990. He is currently pursuing his B.E. in Bangalore. A cyber security professional, hacker, designer and programmer with a keen interest in hacking and network security, he has developed several techniques for defending and defacing websites. Currently Amol is a member of the 'Null International' Bangalore chapter as a network security guy. Apart from this, he has done internships at Yahoo! India, Amazon India, etc. He has also attended various international conferences such as NullCon Goa, c0c0n, ClubHack, Defcon, SecurityByte, ICFoCS and OWASP. He is certified in RHCE, LPT, CEH v7, SCJP and AFCEH. In programming he knows C, C++, C#, Java (SCJP), .NET and PHP. Additionally he knows a few hardware description languages such as HDL, VHDL and Verilog, as well as embedded microcontroller programming.

Saturday, December 11, 2010

How to Hack Trixbox. Make free calls. Hack someone's Trixbox extension

During my experience with Trixbox I've discovered several insecurities among the so-called VoIP PBX service installers, the service providers that like to call themselves "Telephony Service Providers".
We all know what Trixbox stands for, and the operating system it runs on: CentOS, a free Linux flavor based on the Red Hat environment.
First things first: after installing Trixbox, even the manual tells you to change the default passwords. What are the default passwords? They are already defined by the Fonality team: the MySQL default password, the maint default password, the FOP default password and the Asterisk default password.
1) The Trixbox main web interface is wide open, meaning that anyone who knows your PBX's IP address or subdomain can access it. This is the main, huge insecurity that so-called VoIP installers have no idea about. It is just amazing how inexperienced and unrealistic they are about how to secure a PBX, and how secure it should be.
When you click on FOP (Flash Operator Panel), it shows the main SIP trunk (phone number) and the extensions. Why is this insecure? Very simple: the FOP shows all extensions configured through the FreePBX interface. In my case, I am looking at a PBX with over 28 extensions; 14 extensions are unused, 1 extension is used for conferencing, and the remaining ones are for demo purposes. It looks like these guys are selling Trixbox PBXs with a small change: the web interface has a different look, but it is still far too close to the Trixbox web interface. The demo extensions are probably used on future customer sites to show the power of their systems.
By the way, I guess they haven't got a clue about Linux and how to use it, because Apache has a very nice tool that can restrict access to a web page based on MD5 cryptography.
I looked at those unused extensions and thought for a while about how anybody who knows the IP address of this PBX could make free calls, and more: listen to their conversations simply by pressing "555" (ChanSpy). How is this possible? Very easily. Using a softphone, configure it to connect to their PBX with an unused extension, with password... let's see. The most used passwords are actually the most used PINs: 0000, 1111, 2222, 3333, 4444, 1234, and the list goes on. Once the human brain has gotten used to using only 4-digit PINs for debit cards, credit cards and voicemail, people will most likely use the same numbers here as well.
One more thing I would like to add is that most of the PBX installers I have seen using Trixbox, rather than clean Asterisk, will by default set every extension with one of the previous passwords. Hurry is the problem! Inexperienced employees are the biggest problem, untrained associates the hugest, and the list goes on.
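As an added example that is not part of the original post, here is a small Python audit that parses an Asterisk-style sip.conf and flags exactly the weak extension secrets described above (the common PINs, repeated digits, numeric-only or short secrets, and missing secrets), so an administrator can find them before anyone else does. The sample configuration is constructed for the example and the check thresholds are assumptions.

```python
import re

# Constructed sample in Asterisk sip.conf layout; not taken from any real PBX.
SAMPLE_SIP_CONF = """[201]
type=friend
secret=1234          ; one of the PINs the post lists
[202]
type=friend
secret=7777          ; single repeated digit
[203]
type=friend
secret=Rk7#vq92LmPz  ; constructed strong secret
[204]
type=friend          ; secret left unset
"""

COMMON_PINS = {"0000", "1111", "2222", "3333", "4444", "1234"}  # from the post

def parse_sip_conf(text):
    """Return {section: {key: value}} for an Asterisk-style .conf file."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments
        m = re.match(r"^\[([^\]]+)\]$", line)
        if m:
            current = m.group(1)
            sections[current] = {}
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def weak_secret_reason(secret):
    """Why a SIP secret is weak, or None if it passes the checks (assumed policy)."""
    if not secret:
        return "missing"
    if secret in COMMON_PINS:
        return "common PIN"
    if secret.isdigit():
        return "repeated digit" if len(set(secret)) == 1 else "numeric only"
    return "too short" if len(secret) < 8 else None

def audit(text):
    """Return [(extension, reason)] for every SIP peer whose secret is weak."""
    findings = []
    for name, kv in parse_sip_conf(text).items():
        reason = weak_secret_reason(kv.get("secret", ""))
        if reason:
            findings.append((name, reason))
    return findings
```

Run `audit(open("/etc/asterisk/sip.conf").read())` on a real PBX to list the extensions that need a new secret; extension 203 in the sample is the only one that passes.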
I am not going to provide any IPs, for security reasons, but I personally built a list of over 34 PBXs where I can connect, make calls using their assigned blocks of phone numbers, and, worst of all, listen to conversations... that's correct. I am talking about live, unsecured phone conversations. A small secret: on my list, one is a "leader's" office. I can not go into details; I did not hack their PBX, make phone calls, or use their PBX in any way. Their IP was in my way and I had to take a look at it. I am talking about the "leader's" office :)). Nice... right? :) It was probably a volunteer hired by the IT department who has no clue about Linux, security, etc.
I'm sure you ask yourself how I got my hands on such a skinny list. Remember Asterisk's OS. That's the only tip I can provide :). My search will continue when I have more time, and I will add as many insecure PBXs to my list as possible.
2) The FreePBX web interface has the default user maint with password "password".
3) You can connect to the MySQL server in 2 seconds. The MySQL default password is "passw0rd". Again, I will stay away from providing more details, but please be aware of what the MySQL server's role is in this PBX :)
Sweet, right? :)
4) Users can be driven crazy with just a few mouse clicks in FOP. The default password is again passw0rd.
That's about it for today. Visit my blog, and I promise more tips and tricks :)
