Results 1 to 6 of 6

Thread: Bruteforce attack on a voicemailbox with spoofed caller id

  1. #1
    Just burned his ISO
    Join Date
    Sep 2012
    Posts
    3

    Default Bruteforce attack on a voicemailbox with spoofed caller id

    Hello,

    I have an intership at an ICT company for my thesis. My thesis is about voip security, and i have an question about bruteforce attack on a voicemailbox with a spoofed caller id.

    Does anybody know how to spoof a caller-id and bruteforce attack the voicemailbox of that victim (spoofed caller id)?

    I know how to spoof a caller id with metasploit and different website that can spoof the caller id, but how can i bruteforce the mailbox of that victim at the same time?

    Or is the only option through asterisk?

    Thank you!

  2. #2
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: Bruteforce attack on a voicemailbox with spoofed caller id

    If you have unlimited login attempts to the voicemail system then why bother "proving" anything? If they've set it up that way it's a FACT that it can be done. If the company can't see that then please tell us who they are so we can avoid them.

    Further why would it matter what the originating caller ID is? Shouldn't you be able to login to voicemail from any other phone? If you limit the phones from which an end user can access their voicemail that kind of limits voicemail's usefulness.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  3. #3
    Just burned his ISO
    Join Date
    Sep 2012
    Posts
    3

    Default Re: Bruteforce attack on a voicemailbox with spoofed caller id

    Quote Originally Posted by thorin View Post
    If you have unlimited login attempts to the voicemail system then why bother "proving" anything? If they've set it up that way it's a FACT that it can be done. If the company can't see that then please tell us who they are so we can avoid them.

    Further why would it matter what the originating caller ID is? Shouldn't you be able to login to voicemail from any other phone? If you limit the phones from which an end user can access their voicemail that kind of limits voicemail's usefulness.
    Thank you for your reply.

    Yes there are currently unlimited login attempts allowed to the voicemail system. The reason why I would like to spoof the caller id is because, it is not allowed to login to a voicemail box which is not yours. So you don't hear something like "Enter your phone number (extension)" and then "enter your voicemail password". If you dial the voicemail system you hear immediately "enter your voicemail password". That's the reason why i would like to spoof it. Or is there a "trick" to go to the menu where you can enter the phonenumber and password? They are using Cisco Callmanager and Cisco IP Phones.

  4. #4
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: Bruteforce attack on a voicemailbox with spoofed caller id

    The details will be specific to your implementation, however, it seems awfully limited (bordering on pointless) to have a voice mail (VM) system that can only be accessed from inside.

    What if you're working away from the office? What if you're traveling for work? etc

    Every VM system I've ever dealt with had external access lines where you entered your phone # or extension in order to access your VM, or you called your own internal line from whatever external phone and hit *, #, #86, #00, #99, *0 etc.

    If you're working for an ICT company you should already know this.

    In the end there are plenty of online services that allow you to spoof originating details, you could use asterisk, or you could use a soft VoIP client.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  5. #5
    Just burned his ISO
    Join Date
    Sep 2012
    Posts
    3

    Default Re: Bruteforce attack on a voicemailbox with spoofed caller id

    Well during my thesis I do a research about toll fraud (dial through fraud).
    I know that hackers brute force the voicemail box and after that leave a message on the hacked voicemail account. Dial the voicemail box and login with the brute forced account and listen the message and press * after the message to dial the number who has leaved the message.

    So if that would be the process or part of the process I would like to try it in my testlab inside the company. I have an cisco callmanager and unity to try this.

    But I canít find who to brute force a voicemail box. I know which number to dial a the voicemail server.

    I found a website to dial numbers and brute force extensions with numbers. Can you tell me if this works or if there is a another method?

    https://sites.google.com/site/m4phr1k/voicemail

    So yes, I am working at the company but only for my thesis thatís the reason why I donít know the complete infrastructure. But before I would like to test this I want to know how. 

    Thank you for the advice, I hope that you can help me brute force the voicemail box

  6. #6
    Good friend of the forums williamc's Avatar
    Join Date
    Feb 2010
    Location
    Chico CA
    Posts
    285

    Default Re: Bruteforce attack on a voicemailbox with spoofed caller id

    To caller ID spoof, I use "Caller ID Faker" and "SpoofApp". Both are available as APK's for Android. You could also setup an Asterix server, but that is a little more time consuming.

    I've used the above tools successfully for social engineering scenarios. You can spoof the calling number and record the conversation.

Similar Threads

  1. Hydra bruteforce and dictonary attack script.
    By deviney in forum BackTrack 5 Experts Section
    Replies: 2
    Last Post: 08-21-2012, 04:10 PM
  2. Reaver 1.4 WPS Bruteforce Tool Install/Scan/Bruteforce Tutorial
    By MartinBishop in forum BackTrack 5 Videos
    Replies: 20
    Last Post: 07-12-2012, 01:40 AM
  3. HYDRA Bruteforce attack
    By ghostdog67 in forum Tutorial ed HowTo
    Replies: 15
    Last Post: 03-22-2011, 09:31 AM
  4. Bruteforce attack useless
    By LordIfrit in forum OLD Wireless
    Replies: 55
    Last Post: 12-10-2008, 03:27 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •