Cyber Defenders - Acoustic
Acoustic
This is our walkthrough of a vulnerable VoIP PCAP. We completed this lab quite some time ago, but we have been so busy lately that we forgot all about it. The lab has since been retired, but new or experienced defenders wanting to learn more about VoIP hacking and/or forensics can still get knowledge and fun out of it.
Walkthrough
1) What is the transport protocol?
Answer:
UDP
2) The attacker used a bunch of scanning tools that belong to the same suite. Provide the name of the suite.
We guessed a popular SIP vulnerability tool.
Answer:
Sipvicious
3) What is the User-Agent of the victim system?
Hint: Wireshark packet 2
Answer:
Asterisk PBX 1.6.0.10-FONCORE-r40
4) Which tool was only used against the following extensions: 100,101,102,103, and 111?
Answer:
svcrack.py
5) Which extension on the honeypot does NOT require authentication?
Answer:
100
6) How many extensions were scanned in total?
Hint:
cat log.txt |grep -A 10 "friendly-scanner" |grep "To:" |cut -f 2 -d "\""|sort|uniq|wc -l
2653
This produces 2653; however, the answer hint is ***2. Perhaps 100 is not counted, so we subtract 1 from this result.
Answer:
2652
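Added example, not part of the original walkthrough or the lab material: a per-message version of the count from the hint above, which keeps numeric extensions apart from any other quoted To: values so unexpected entries are visible. The sample log and its blank-line-separated layout are constructed assumptions, and scanned_targets is a hypothetical helper name.

```python
import re

SCANNER_UA = "friendly-scanner"  # User-Agent the page's grep pipeline keys on
USER_AGENT = re.compile(r"^User-Agent:[ \t]*(.*\S)", re.I | re.M)
TO_NAME = re.compile(r'^To:[ \t]*"([^"]*)"', re.I | re.M)  # same field as cut -f 2 -d '"'

# Constructed sample, not taken from the lab's log.txt. Assumed layout: one SIP
# request per blank-line-separated block; 192.0.2.10 is a documentation address.
SAMPLE_LOG = """\
OPTIONS sip:100@192.0.2.10 SIP/2.0
User-Agent: friendly-scanner
To: "sipvicious"<sip:100@192.0.2.10>

REGISTER sip:192.0.2.10 SIP/2.0
User-Agent: friendly-scanner
To: "100"<sip:100@192.0.2.10>

REGISTER sip:192.0.2.10 SIP/2.0
User-Agent: friendly-scanner
To: "101"<sip:101@192.0.2.10>

REGISTER sip:192.0.2.10 SIP/2.0
To: "101"<sip:101@192.0.2.10>
User-Agent: friendly-scanner

REGISTER sip:192.0.2.10 SIP/2.0
User-Agent: Zoiper rev.6751
To: "555"<sip:555@192.0.2.10>
"""

def scanned_targets(log_text, scanner_ua=SCANNER_UA):
    """Return (numeric_extensions, other_values) from To: of scanner messages."""
    extensions, other = set(), set()
    for block in re.split(r"\n\s*\n", log_text):
        ua, to = USER_AGENT.search(block), TO_NAME.search(block)
        # Both headers must sit in the same message, in either order, unlike a
        # fixed "grep -A 10" window that can miss or borrow a To: line.
        if ua and to and ua.group(1) == scanner_ua:
            name = to.group(1)
            (extensions if name.isdigit() else other).add(name)
    return extensions, other

if __name__ == "__main__":
    exts, other = scanned_targets(SAMPLE_LOG)
    print(len(exts), "numeric extensions:", sorted(exts, key=int))
    print("non-numeric To values:", sorted(other))
```

The sum of both sets corresponds to what the sort|uniq|wc -l pipeline counts, since that pipeline does not distinguish extension numbers from other quoted names.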
7) There is a trace for a real SIP client. What is the corresponding user-agent? (two words, one space in between)
Answer:
Zoiper rev.6751
8) Multiple real-world phone numbers were dialed. Provide the first 11 digits of the number dialed from extension 101?
Answer:
00112524021
9) What are the default credentials used in the attempted basic authentication? (format is username:password)
Answer:
maint:password
11) Which codec does the RTP stream use? (3 words, 2 spaces in between)
Answer:
ITU-T G.711 PCMU
12) How long is the sampling time (in milliseconds)?
Hint:
- Google G.711 sampling time
Answer:
0.125
13) What was the password for the account with username 555?
Answer:
1234
14) Which RTP packet header field can be used to reorder out of sync RTP packets in the correct sequence?
Answer:
timestamp
15) The trace includes a secret hidden message. Can you hear it?
Hint:
- Use Wireshark's Telephony plugin
Answer:
MEXICO