-
Notifications
You must be signed in to change notification settings - Fork 13.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Viproy VoIP Pen-Test Kit - Cisco CUCDM Exploits #4065
Conversation
def initialize(info = {}) | ||
super( | ||
'Name' => 'Viproy CUCDM IP Phone XML Services - Call Forwarding Tool', | ||
'Version' => '1', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This field isn't used by the framework, please, delete it.
Please, do one pull request by module. It allows to handle easier and faster (no need to wait until all the modules are ready, modules can be landed once they are okey). |
OptString.new('TARGETURI', [ true, 'Target URI for XML services', '/bvsmweb']), | ||
OptString.new('MAC', [ true, 'MAC Address of target phone', '000000000000']), | ||
OptString.new('FORWARDTO', [ true, 'Number to forward all calls', '007']), | ||
OptString.new('ACTION', [ true, 'Call forwarding action (FORWARD,INFO)', 'FORWARD']), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please, use Actions for this purpose, not a datastore ACTION. You can review Msf::Module::HasActions
for the internals. If you just interested about how to use them, there are examples in the framework. For example modules/auxiliary/admin/http/axigen_file_access, modules/auxiliary/admin/http/mutiny_frontend_read_delete,... You can search auxiliary modules with 'Actions'
metadata field for examples!
I have fixed the findings, would you check them again please. Also I will use separated pull requests for the future ones, thanks. |
these exploits do not require Skinny or SIP libraries. please check the new version again, and commit your code modification suggestions, and then I can merge them. |
Author sections are fixed
Is there any progress about this module? It seems ok and a test server was provided as well. |
Did final result by myself, check final result here: 49f04fa Modules would benefit of some extra clenaup but I think the version landed is good enough to go. Thanks @fozavci , used your test server code for testing, was really helpful.
|
Viproy VoIP Pen-Test Kit CUCDM exploitation modules for the call forwarding and speed dial manipulation attacks.
Sample usage and packet captures are available at the following link.
https://github.com/fozavci/viproy-voipkit/blob/master/OTHERSUSAGE.md
Usage video and demonstration are available at the following video.
https://www.youtube.com/watch?v=6lUFMXfBw94