
Nov 4, 2014

Progress of the Viproy pull requests for the Metasploit Framework

I saw a few challenges in submitting Viproy modules to the Metasploit Framework:

Firstly, I'm not a developer, but a pen-tester and a researcher. This means I prepared this code during engagements or in a testing environment. 400+ features/skills are implemented in the SIP/Skinny libraries and modules, and some of them require special systems which I have no access to now. Because of this, I cannot provide a lab environment to test all the features/options, maybe during the Kiwicon 2015 training. That's why the source code is pretty dirty, but it works in many cases, especially in VoIP pen-test engagements.

Moreover, I'm the only one who improves these modules during actual VoIP penetration tests, with limited feedback and no code support. This prevents me from detecting/fixing errors in the software; only the Metasploit Framework team has submitted code modifications to them. Thanks for all the commits and suggestions.

Finally, I have some timing issues before January 2015. The "rspec" modifications and a full review of the features are really hard tasks, and require a working test lab with all components. I'm not sure I can find the time for major changes, but I will try.

I believe that Viproy should have community support; that's why it is developed with the Metasploit Framework, not as standalone software. These commits and comments show that it still has too many errors to fix and too many features to demonstrate. They also show that community support is very useful: Viproy's source code is now improved by a team, not only by the author. Basically, this process does work.

Thanks for all the support.

Now, we have two ways to decide:

  • It may be slow, but I can support/update these pull requests with you to make Viproy a part of the Metasploit Framework, as soon as I can.
  • Or, we prepare a good plan and wait for 2015 Q1 for the major Viproy source improvements needed for full Metasploit Framework integration.
Please think about it as a team, and suggest a way to do it. Remember, the code is licensed under the Metasploit License; you're free to fix/improve all features. I'm comfortable with both options; the only problem is my schedule before Jan 2015.

Original post link at GitHub: https://github.com/rapid7/metasploit-framework/pull/4066#issuecomment-61608013

/cc @todb-r7 @jhart-r7 @jvazquez-r7 @hmoore-r7

Oct 23, 2014

Viproy VoIP Testing Modules Pull Requests for Metasploit Framework

I have made some cosmetic and required changes to the source of Viproy. Some modules, names and functions have been changed for Metasploit Framework compatibility. I need your testing and development support for these modules. I have submitted the Viproy SIP, Skinny and CDP testing modules, the CUCDM exploits and the libraries to the Metasploit Framework repository as pull requests. Please feel free to check out the pull requests, try the code and send comments about the code or its usage.

Viproy VoIP Pen-Test Kit pull requests in the Metasploit Framework Repository:

Viproy VoIP Pen-Test Kit - SIP Testing Modules
https://github.com/rapid7/metasploit-framework/pull/4060

Viproy VoIP Pen-Test Kit - Cisco CDP Testing Module
https://github.com/rapid7/metasploit-framework/pull/4061

Viproy VoIP Pen-Test Kit - Cisco CUCDM Exploits
https://github.com/rapid7/metasploit-framework/pull/4065

Viproy VoIP Pen-Test Kit - Cisco Skinny Testing Modules
https://github.com/rapid7/metasploit-framework/pull/4066

Documentation:

Usage and packet capture samples for the SIP modules are available at the following link.
https://github.com/fozavci/viproy-voipkit/blob/master/SIPUSAGE.md

Usage and packet capture samples for the Skinny modules are available at the following link.
https://github.com/fozavci/viproy-voipkit/blob/master/SKINNYUSAGE.md

Usage and packet capture samples for the other auxiliary Viproy modules are available at the following link.
https://github.com/fozavci/viproy-voipkit/blob/master/OTHERSUSAGE.md

Potential testing targets could be the VulnVoIP, AsteriskNow or SipXecs distributions.

Apr 13, 2013

Viproy - VoIP Penetration and Exploitation Testing Kit

Viproy VoIP Pen-Test Kit is developed to improve the quality of SIP penetration tests. It provides an authentication feature that helps to create simple tests. It includes 7 different modules with authentication support: options tester, brute forcer, enumerator, invite tester, trust analyzer, proxy and registration tester. All attacks can be performed before and after authentication to fuzz SIP services and value-added services.


Project Page: http://www.github.com/fozavci/viproy-voipkit
Download: https://github.com/fozavci/viproy-voipkit/archive/master.zip


Attacking SIP/VoIP Servers Using VIPROY VoIP Pen-Test Kit for Fun & Profit - Video

This is a training video for penetration testing of SIP servers.

Chapters of the Training Video
1. Footprinting of SIP Services
2. Enumerating SIP Services
3. Registering to the SIP Service with/without Credentials
4. Brute Force Attack against the SIP Service
5. Call Initiation with/without Spoofing & Credentials
6. Hacking Trust Relationships
7. Intercepting a SIP Client with the SIP Proxy

Apr 8, 2013

Exploit Development Using Metasploit Framework (Presentation)

My friend Canberk Bolat and I presented a seminar about Exploit Development and the Metasploit Framework at the Free Software and Linux Days 2013 event. This slide set covers basic exploit development techniques, Metasploit Framework mixins and their features. We also demonstrated exploit development techniques with sample code and exploit modules.


Apr 2, 2013

Hacking Trust Relationships of SIP Gateways (Video Demo)

I prepared an on-the-fly video demo for SIP trust hacking. This video contains a demonstration of my technical paper, Hacking Trust Relationships of SIP Gateways. The paper and my "SIP Pen-Testing Kit for Metasploit" are available at http://gamasec.net/fozavci/index-en.html. The tool, SIP Trust Analyzer, will be available after Athcon 2013. Another shiny demo will be presented at Athcon 2013; this video only means "it's just working".



Feb 8, 2013

SIP/NGN Services Pen-Testing using SIP Pen-Testing Kit (Training Video)

SIP Pen-Testing Kit for Metasploit is developed to help with SIP pen-tests. This video was prepared as a demonstration and training for the SIP Pen-Testing Kit.

Pen-Testing Steps in the Video

  • SIP Service Discovery
    • Using OPTIONS Requests
    • Using REGISTER Requests
    • REGISTER Without Credentials
    • REGISTER With Valid Credentials
  • Call Tests
    • Direct INVITE Without Credentials
    • INVITE With Credentials
    • INVITE Spoofing With Credentials
  • DOS Tests
    • INVITE Sending to Valid Users (With/Without Credentials)
    • INVITE Sending to Numeric Range (With/Without Credentials)
  • Enumeration
    • Enumerating Users and Accounts with Numeric Range (SUBSCRIBE, REGISTER, INVITE)
    • Enumerating Users and Accounts with a Users File (SUBSCRIBE, REGISTER, INVITE)
  • Brute Force
    • Password Brute Force to a Target Account
    • Password Brute Force to a Numeric Range
    • Password Brute Force with a Users File
Code: http://www.github.com/fozavci/gamasec-sipmodules

Feb 7, 2013

GamaSEC SIP Pen-Test Kit for Metasploit Framework
Project Page: http://www.github.com/fozavci/gamasec-sipmodules

The SIP library for Metasploit is developed to help with SIP penetration tests. It provides an authentication feature that helps to create simple tests. It includes 5 different modules with authentication support: options tester, brute forcer, enumerator, invite tester and registration tester. All attacks can be performed before and after authentication to fuzz SIP services and value-added services.

Pen-Tester's Guide for Metasploit Framework (in Turkish)

I prepared a detailed penetration testing guide for the Metasploit Framework. This guide includes many basic usage samples, exploitation basics, auxiliary module usage and more. There are also chapters on basic exploit development, module development and post-exploitation samples. It is written in Turkish, but all the code is readable in English.