Re: Tools for voicemail testing?

From: Alexandre Bezroutchko (pentest7@scanit.be)
Date: Tue Jun 03 2003 - 09:15:19 EDT

• Next message: Alfred Huger: "New Focus Areas on SecurityFocus.com X-POST"
• Previous message: Mark Rowe: "Re: Tools for voicemail testing?"
• Maybe in reply to: Todd A. Jacobs: "Tools for voicemail testing?"
• Next in thread: Chris Hall: "Re: Tools for voicemail testing?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

  Hi,

I have some custom tools (hardware and software) I use in voice-mail
audits. It allows
to automate pretty much any dialogue with voice mail systems. You
capture audio samples
from the target voice mail system and then write a Perl script using
external library which
implements function such as audio pattern recognition.

For example, algorithms similar to one below (I do not have access to
the original veresion
right now) was tested on several voice mail systems and gave very
impressive results -- full
keyspace search (4 digits) in 15 hours. Apparently, it is much faster
than most people think
is possible ;).

---------------------------------------------------------------------
for(;;) {
   hangup
   dial $voicemail_number

   wait_for "voicemail_prompt.pat"
   send dmtf "*"

  for(;;) {
    $pin = get_new_pin_from_dictionary()

    wait for "enter_your_pin_code.pat"
    send dtmf $pin

    $answer = wait for "invalid_pin.pat", "hangup.pat"
    last if $answer eq "hangup.pat"
    next if $answer eq "invalid_pin.pat"

    print "Suspicious pin code '$pin\n"
    last;
  }
}
---------------------------------------------------------------------

Similar techniques can be used to automatically traverse through
voice mail menu tree, sending strange sequences of DTMF (or some other)
tones to the system and analyse responce.

I have developed it for in-house use. We do not give it away for free,
but it is not a commercial-grade
software either. If you are interested, contact me and we can discuss
licensing terms.

-- 
Alexandre Bezroutchko
Scanit n.v., Belgium
http://www.scanit.be/
-------- Original Message --------
Subject: Tools for voicemail testing?
Date: Sun, 1 Jun 2003 23:26:56 -0700 (PDT)
From: "Todd A. Jacobs" <tjacobs-keyword-ptest01.f946df@codegnome.org>
To: pen-test@securityfocus.com
I've been Googling for about four hours tonight, and haven't been able to
turn up any current tools for performing brute-force attacks on voicemail
boxes. Does anyone know of any FOSS or commercial tools for performing
this sort of test?
-- 
The DMCA is anti-consumer. The RIAA has no right to rewrite copyright
laws to suit themselves.
---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Next message: Alfred Huger: "New Focus Areas on SecurityFocus.com X-POST"
• Previous message: Mark Rowe: "Re: Tools for voicemail testing?"
• Maybe in reply to: Todd A. Jacobs: "Tools for voicemail testing?"
• Next in thread: Chris Hall: "Re: Tools for voicemail testing?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:34 EDT