From: lion nagar (lionbsd@gmail.com)
Date: Wed Jun 14 2006 - 14:19:51 EDT
Hi,
well a general list would be:
1. default passwords, almost all PBX's got default passwords on them,
some PBX's even got ftp servers on them to upload files, or delete
them...
2. supervisor console phone. most companies have at least 1 console
phone with access to administrative " feature access codes", some
would let you disable phones, move phone extensions, listening to
calls, divert calls ,etc... if you are really lucky and the system guy
is just "copy" extensions there might be even more than 1.
3. "call menu", scan the phone number range, try calling the reception
desk at night, you might get a voice recorded greeting you to enter an
extension, some of the administrators don't validate the digits
entered and you can abuse the system for long distance calls, or even
some of the "feature access codes" mentioned above.
4. most companies have their PBX connected to a phone line for
maintenance from a 3'rd party, installing licenses, maintenance,
etc... get that number and try getting in from home.
there are few more issues with PBX's, and some companies really
depends on the phone system for the company to work (call centers,
telemarketing, etc..) and since Internet has gone everywhere people
pay less attention to their telephone system, and leave a lot of
holes.
hope that helps a bit,
Lior
On 6/13/06, Grizzly <grizzly@bee-side.net> wrote:
> Hi list,
> have someone any idea about general pbx testing (assessment, pentest)?
> Thanks!
> --
> Massimiliano Spini
> GnuPG ID 5113DFD8
> GnuPG Fp A2E0 097F 008B 76FE DCBA 6BC4 8261 4587 5113 DFD8
>
> ------------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security?
> Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
> Choice Award from eWeek. As attacks through web applications continue to rise,
> you need to proactively protect your applications from hackers. Cenzic has the
> most comprehensive solutions to meet your application security penetration
> testing and vulnerability management needs. You have an option to go with a
> managed service (Cenzic ClickToSecure) or an enterprise software
> (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
> help you: http://www.cenzic.com/news_events/wpappsec.php
> And, now for a limited time we can do a FREE audit for you to confirm your
> results from other product. Contact us at request@cenzic.com for details.
> ------------------------------------------------------------------------------
>
>
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:05 EDT