Hunting PBX For Vulnerabilities - Hack In Paris...Blind OS Command Injection Hunting PBX for...
Transcript of Hunting PBX For Vulnerabilities - Hack In Paris...Blind OS Command Injection Hunting PBX for...
Hunting PBX
For Vulnerabilities
Sachin WaghSecurity Analyst
Security Intelligence Team @ Symantec
Speaker at Hakon and Geek Street - Infosecurity Europe
Bug Hunter | Penetration Tester
Security Blogger
@tiger_tigerboy
Himanshu MehtaSenior Threat Analysis Engineer
Security Intelligence Team @ Symantec
Speaker at National Cyber Security Conference, Hakon & Geek Street - Infosecurity Europe
Advisory Board Member @EC-Council & Convetit
Bug Hunter | Penetration Tester
@LionHeartRoxx
Content
• What is PBX
• Features
• Searching
• Softphone
• Vulnerabilities
• Mitigations
Hunting PBX for Vulnerabilities
Private Branch Exchange
Hunting PBX for Vulnerabilities
Source:
http://www.cealcomz.co.za
Features
Hunting PBX for Vulnerabilities
• Call Forwarding• Call Transfer• Conference Calls• Automatic Call Delivery (ACD)• Voice Messaging• Call Queue ..etc
Searching
Hunting PBX for Vulnerabilities
Shodan:
Hunting PBX for Vulnerabilities
"NCH Software Axon Virtual PBX“
Call Details Records
Hunting PBX for Vulnerabilities
Censys:
Hunting PBX for Vulnerabilities
"FreePBX Administration“
Censys:
Hunting PBX for Vulnerabilities
"FreePBX Administration“
Hunting PBX for Vulnerabilities
Shodan:
Hunting PBX for Vulnerabilities
“polycom+command+shell“
File Transfer Protocol (FTP)
Hunting PBX for Vulnerabilities
Call Details Records
Hunting PBX for Vulnerabilities
Server Message Block (smb)
Hunting PBX for Vulnerabilities
Server Message Block (smb)
Hunting PBX for Vulnerabilities
Shodan:
Hunting PBX for Vulnerabilities
“port:23 console gateway -password“
Softphone
Hunting PBX for Vulnerabilities
Vulnerabilities
Hunting PBX for Vulnerabilities
TRIXBOX
Hunting PBX for Vulnerabilities
Blind OS Command Injection
Hunting PBX for Vulnerabilities
I AM NOT BLIND I’VE JUST SEEN ENOUGH
Hunting PBX for Vulnerabilities
Blind OS Command Injection [DEMO]
Hunting PBX for Vulnerabilities CVE-2017-14535
Path Traversal
Hunting PBX for Vulnerabilities
Hunting PBX for Vulnerabilities
Path Traversal [DEMO]
CVE-2017-14537
Hunting PBX for Vulnerabilities
Path Traversal [DEMO]
CVE-2017-14537
Cross-site Scripting
Hunting PBX for Vulnerabilities
source:gif-finder.com
Hunting PBX for Vulnerabilities
Cross-site Scripting [DEMO]
CVE-2017-14536
AXON
Hunting PBX for Vulnerabilities
Hunting PBX for Vulnerabilities
Cross-site Scripting [DEMO]
CVE-2018-11552
Local Code Execution
Hunting PBX for Vulnerabilities
Hunting PBX for Vulnerabilities
Local Code Execution [DEMO]
CVE-2018-11551
Hunting PBX for Vulnerabilities
Hunting PBX for Vulnerabilities
Local Code Execution [DEMO]
CVE-2018-11551
Hunting PBX for Vulnerabilities
Mitigations
POLICIES AND PROCEDURES :
SECURITY TRAINING
PASSWORD POLICY
INCIDENT RESPONSE PROCEDURE
OS LEVEL SECURITY :
PATCHES
APPLICATIONS AND SERVICES
PRIVILEGES
Hunting PBX for Vulnerabilities
Thank
You
Hunting PBX for Vulnerabilities