Training: Practical VoIP Hacking with Viproy (Kiwicon'14)

We have prepared a VoIP hacking training for the Kiwicon security conference at New Zealand. The training focus is the testing of the VoIP signalling protocols using Viproy. We'll explain the VoIP essentials and the protocol basics for SIP and Skinny. Also it will be demonstrated that how we can attack to the VoIP servers using web management interfaces, essential services and signalling services. Viproy VoIP penetration testing kit will be in use for the basic and advanced attacks such as SIP trust hacking, SIP proxy bounce attack, Skinny service manipulation, CUCDM exploitation and attacking VoIP clients. If you're interested in about VoIP and attending to Kiwicon, come and join us in this training.

Registration:

You can sign up this training using the form at the Kiwicon homepage.

https://kiwicon.org/the-con/training/practical-voip-hacking-with-viproy

Viproy VoIP Testing Modules Pull Requests for Metasploit Framework

I have made some cosmetic and required changes on the source of Viproy. Some modules, names and functions are changed for the Metasploit Framework compatibility. I need your testing and development support for those modules. I have submitted the Viproy SIP, Skinny, CDP testing modules, CUCDM exploits and libraries to the Metasploit Framework repository as pull requests. Please feel free to obtain the pull requests, try the code and send comments about the code or usage.

Viproy VoIP Pen-Test Kit pull requests in the Metasploit Framework Repository:

Viproy VoIP Pen-Test Kit - SIP Testing Modules
https://github.com/rapid7/metasploit-framework/pull/4060

Viproy VoIP Pen-Test Kit - Cisco CDP Testing Module
https://github.com/rapid7/metasploit-framework/pull/4061

Viproy VoIP Pen-Test Kit - Cisco CUCDM Exploits
https://github.com/rapid7/metasploit-framework/pull/4065

Viproy VoIP Pen-Test Kit - Cisco Skinny Testing Modules
https://github.com/rapid7/metasploit-framework/pull/4066

Documentation:

Usage and packet capture samples for SIP modules are available at the following link.
https://github.com/fozavci/viproy-voipkit/blob/master/SIPUSAGE.md

Usage and packet capture samples for SIP modules are available at the following link.
https://github.com/fozavci/viproy-voipkit/blob/master/SKINNYUSAGE.md

Usage and packet capture samples for the auxiliary Viproy modules are available at the following link.
https://github.com/fozavci/viproy-voipkit/blob/master/OTHERSUSAGE.md

Potential testing targets could be VulnVoIP, AsteriskNow or SipXecs distributions.