Results 1 to 9 of 9

Thread: Voiphopper howto

  1. #1
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Post Voiphopper howto

    This is a small howto on installing voiphopper version 0.9.7

    "VoIP Hopper is the answer to all voip solution providers who make people believe that VLANS is all you need to secure VoIP" - Sachin Joglekar, Sipera VIPER Lab

    "VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop into the Voice VLAN on specific Ethernet switches. VoIP Hopper does this by mimicking the behavior of an IP Phone, in both Cisco and Avaya IP Phone environments."

    (SOURCE = Voiphopper readme.txt )

    This tool was released at shmoocon this past weekend.

    voiphopper

    Download and save( I saved mine to "/root") Then use:
    Code:
    bt ~# tar xvfz voiphopper-0.9.7.tar.gz
    This will "untar" and "ungzip" the package.
    Code:
    bt ~ # tar xvfz voiphopper-0.9.7.tar.gz
    voiphopper-0.9.7/
    voiphopper-0.9.7/Makefile
    voiphopper-0.9.7/arp.c
    voiphopper-0.9.7/buildmsg.c
    voiphopper-0.9.7/cache.c
    voiphopper-0.9.7/client.c
    voiphopper-0.9.7/dhcpconfig.c
    voiphopper-0.9.7/mac.c
    voiphopper-0.9.7/netinfo.c
    voiphopper-0.9.7/peekfd.c
    voiphopper-0.9.7/signals.c
    voiphopper-0.9.7/udpipgen.c
    voiphopper-0.9.7/voiphopper.c
    voiphopper-0.9.7/buildmsg.h
    voiphopper-0.9.7/client.h
    voiphopper-0.9.7/dhcpcd.h
    voiphopper-0.9.7/kversion.h
    voiphopper-0.9.7/mac.h
    voiphopper-0.9.7/maclist.h
    voiphopper-0.9.7/netinfo.h
    voiphopper-0.9.7/pathnames.h
    voiphopper-0.9.7/signals.h
    voiphopper-0.9.7/udpipgen.h
    voiphopper-0.9.7/LICENSE
    voiphopper-0.9.7/README
    Next "cd" to the directory where you saved it
    Code:
    bt ~# cd/root/voiphopper-0.9.7 #
    and then use "make" to install it
    Code:
     bt ~# cd/root/voiphopper-0.9.7 # make
    You should see the following as the output
    Code:
    INSTALLATION
    bt  voiphopper-0.9.7 # make
    gcc -c voiphopper.c
    gcc -c dhcpconfig.c
    gcc -c buildmsg.c
    gcc -c cache.c
    gcc -c udpipgen.c
    gcc -c peekfd.c
    gcc -c client.c
    gcc -c arp.c
    gcc -c signals.c
    gcc -c mac.c
    gcc -c netinfo.c
    gcc voiphopper.o dhcpconfig.o buildmsg.o cache.o udpipgen.o peekfd.o client.o arp.o signals.o mac.o netinfo.o -lpcap -o voiphopper
    bt voiphopper-0.9.7 #
    Usage looks like the following:

    1. To sniff for CDP and run a VLAN Hop into the Voice VLAN, simply run VoIP Hopper on the Ethernet interface, in the following way:
    Code:
    voiphopper -i eth1
    2. VoIP Hopper also allows one to VLAN Hop to an arbitrary VLAN, without sniffing for CDP. If you already know the Voice VLAN ID, or would like to VLAN Hop into another VLAN (without sniffing for CDP), you can run it in the following way:
    Code:
    voiphopper -i eth1 -v 200
    3. To Discover the Voice VLAN in an Avaya IP Phone environment:
    Code:
    voiphopper -i eth1 -a
    4. To spoof the MAC Address of an IP Phone by sniffing for CDP (this changes the MAC address of default interface and new interface):
    Code:
    voiphopper -i eth1 -m AA:AA:AA:AA:AA:AA
    5. To spoof the MAC Address of an IP Phone using an Avaya DHCP request (this changes the MAC address of default interface and new interface) :
    Code:
    voiphopper -i eth1 -a -m AA:AA:AA:AA:AA:AA
    6. To spoof the MAC Address of an IP Phone by VLAN Hopping without CDP or DHCP (this changes the MAC address of default interface and new interface):
    Code:
    voiphopper -i eth1 -v 200 -m AA:AA:AA:AA:AA:AA
    7. To spoof the MAC Address of an IP Phone without changing the MAC Address of the default ethernet interface (only spoof the new voice interface's MAC Address):
    Code:
    voiphopper -i eth1 -v 200 -m AA:AA:AA:AA:AA:AA -D
    (SOURCE = Voiphopper readme.txt )

    Well I hope that helps you get started
    Have fun and play nice
    This tutorial is not all of my own work credits to:
    AUTHOR
    Jason Ostrom
    And the other Developers.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  2. #2
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Was just in contact with Jason Ostrom Developer of voiphopper and there is a newer version available voiphopper 0.9.9
    I upgraded to this version shortly after it came out.
    However I did not update this tutorial.
    Again the update is located here:
    voiphopper


    "Did you know there is a newer version,
    0.9.9, with some new features and the functionality for CDP changed a
    little bit?" - Jason Ostrom
    The install process is pretty much the same as the older version.

    Some infos pulled from the new readme
    It has been tested to dissect CDP packets on the following Cisco
    IOS Ethernet Switch platforms:
    1. Catalyst 3550
    2. Catalyst 3560
    3. Catalyst 3750
    4. Catalyst 6513 with WS-X6148A-GE-45AF module

    It has been tested to mimick the behavior of an Avaya 4620 IP Phone
    USAGE
    Now there are two CDP modes for VoIP Hopper. Sniff (-c 0) and Spoof (-c 1).

    1. To sniff for CDP and run a VLAN Hop into the Voice VLAN, simply run VoIP Hopper on the Ethernet interface, in the following way:
    voiphopper -i eth1 -c 0

    2. To Spoof CDP in order to more rapidly hop to the Voice VLAN in Cisco SIP environments, run VoIP Hopper in the following way:
    voiphopper -i eth1 -c 1 -E 'SIP00070EEA5086' -P 'Port 1' -C Host -L 'Cisco IP Phone 7940' -S 'P003-08-8-00' -U 1

    3. To Spoof CDP in order to more rapidly hop to the Voice VLAN in Cisco SCCP environments, run VoIP Hopper in the following way:
    voiphopper -i eth1 -c 1 -E 'SEP0070EEA5086' -P 'Port 1' -C Host -L 'Cisco IP Phone 7940' -S 'P00308000700' -U 1
    Also from the readme

    Happy Hopping !
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  3. #3
    Junior Member tek911's Avatar
    Join Date
    Jan 2010
    Posts
    59

    Default

    Never a more timely post. I'm semi-gearing up for a voip assessment. As always very thankful for your post.

  4. #4
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by tek911 View Post
    Never a more timely post. I'm semi-gearing up for a voip assessment. As always very thankful for your post.
    Great, let me know if you need some more infos or tools in the line of VOIP
    I have been messing with them lately and I have a few more to go through and maybe do some posts on them.

    Doesn't seem to be a lot of interest in it however it will come soon enough.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  5. #5
    Junior Member tek911's Avatar
    Join Date
    Jan 2010
    Posts
    59

    Default Hit me with the voipage

    Yes!!!! I'm currently reading through How to Cheat at VoIP Security. Its a little dated, i'm trying to get the baseline by reading the book then i'm going to hit RE & old shmoocon/BH/Dcon writeups and videos to stay a little more current. I'm making a lzm for voiphopper right now (at least im trying) ill put up the rapidshare link or something as soon as I get it all together. I'd like to put together a new VOIP lzm as the current sweet is showing its age (or its showing my ignorance on the subject so let me retract that without a little more digging into the bt3 files).

  6. #6
    Junior Member tek911's Avatar
    Join Date
    Jan 2010
    Posts
    59

    Default ok. im a itard

    Ok, so just compiled voiphopper, its a one program tool (duh) so i'll skip the lzm. I'll probably just bundle it in to my regular base install lzms but i might just try to put together an lzm of just voip tools.

  7. #7
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by tek911 View Post
    Yes!!!! I'm currently reading through How to Cheat at VoIP Security. Its a little dated, i'm trying to get the baseline by reading the book then i'm going to hit RE & old shmoocon/BH/Dcon writeups and videos to stay a little more current. I'm making a lzm for voiphopper right now (at least im trying) ill put up the rapidshare link or something as soon as I get it all together. I'd like to put together a new VOIP lzm as the current sweet is showing its age (or its showing my ignorance on the subject so let me retract that without a little more digging into the bt3 files).
    Ok let us know how you get one with this lzm

    as for more info try this one for right now, I have found lots of good info there:
    http://www.voip-info.org/wiki/
    I am going to try and work on a thread for others to share VOIP Info on here.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  8. #8
    Member The_Denv's Avatar
    Join Date
    Nov 2006
    Posts
    364

    Default

    Very nice tutorial archangel.amael

    I just added this to my personal archive, very informative. After reading this tutorial I think I might actually start researching VoIP security a bit more. Seems there is a lot of fun involved, you've caught my attention any how.

    VoIP is really good, insecure but good. I told a few friends of mine about making free phone calls with VoIP and how to reuse the free trail VoIP applications, its made them very happy. Have not had the same interest in VoIP and VLANs since then, looks like it's time for me to start getting involved with it again

    Cheers man!

  9. #9
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by The_Denv View Post
    Very nice tutorial archangel.amael

    I just added this to my personal archive, very informative. After reading this tutorial I think I might actually start researching VoIP security a bit more. Seems there is a lot of fun involved, you've caught my attention any how.
    No problem glad you found it useful.
    VoIP is really good, insecure but good. I told a few friends of mine about making free phone calls with VoIP and how to reuse the free trail VoIP applications, its made them very happy. Have not had the same interest in VoIP and VLANs since then, looks like it's time for me to start getting involved with it again
    Cheers man!
    To be sure, lots of fun can be had with voip. also one can d/l vmware and use some app like trixbox to have phone fun as well.


    Also some more infos are in the works and I did a small guide on sipvicious as well.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •