From 63756bc800141b6b22d787ca7e1ed55a1124b7c1 Mon Sep 17 00:00:00 2001 From: h00die Date: Thu, 11 Oct 2018 16:17:01 -0400 Subject: [PATCH 1/2] add sip options_tcp docs --- .../auxiliary/scanner/sip/options_tcp.md | 47 +++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 documentation/modules/auxiliary/scanner/sip/options_tcp.md diff --git a/documentation/modules/auxiliary/scanner/sip/options_tcp.md b/documentation/modules/auxiliary/scanner/sip/options_tcp.md new file mode 100644 index 0000000000..3b9ff679ad --- /dev/null +++ b/documentation/modules/auxiliary/scanner/sip/options_tcp.md @@ -0,0 +1,47 @@ +## Vulnerable Application + + SIP is a signaling protocol for voice, and video typically assoicatd with VOIP and typically used in commercial + phone systems. SIP and VOIP are gaining popularity with home and celluar voice/video calling systems as well. + + This module scans the TCP port to identify what OPTIONS are available on the SIP service. + +## Verification Steps + + 1. Start msfconsole + 2. Do: ```use auxiliary/scanner/sip/options_tcp``` + 2. Do: ```set rhosts [ip]``` + 4. Do: ```run``` + +## Scenarios + +### Cisco UC520 + + +``` +msf5 > use auxiliary/scanner/sip/options_tcp +msf5 auxiliary(scanner/sip/options_tcp) > set rhosts 2.2.2.2 +rhosts => 2.2.2.2 +msf5 auxiliary(scanner/sip/options_tcp) > run + +[*] 2.2.2.2:5060 - 2.2.2.2:5060 tcp SIP/2.0 200 OK: {"Server"=>"Cisco-SIPGateway/IOS-12.x", "Allow"=>"INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER"} +[*] 2.2.2.2:5060 - Scanned 1 of 1 hosts (100% complete) +[*] Auxiliary module execution completed +``` + +## Confirming using NMAP + +Utilizing the [sip-methods](https://nmap.org/nsedoc/scripts/sip-methods.html) script + +``` +nmap --script=sip-methods -p 5060 2.2.2.2 + +Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-11 15:44 EDT +Nmap scan report for 2.2.2.2 +Host is up (0.0036s latency). + +PORT STATE SERVICE +5060/tcp open sip +|_sip-methods: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER +MAC Address: 00:1B:8F:AA:AA:AA (Cisco Systems) +``` + From 149a74d07b09e7ca29c0b05d27fe8ca109e17f4b Mon Sep 17 00:00:00 2001 From: h00die Date: Sat, 13 Oct 2018 08:48:13 -0400 Subject: [PATCH 2/2] small fixes --- documentation/modules/auxiliary/scanner/sip/options_tcp.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/documentation/modules/auxiliary/scanner/sip/options_tcp.md b/documentation/modules/auxiliary/scanner/sip/options_tcp.md index 3b9ff679ad..4b846871c9 100644 --- a/documentation/modules/auxiliary/scanner/sip/options_tcp.md +++ b/documentation/modules/auxiliary/scanner/sip/options_tcp.md @@ -1,7 +1,7 @@ ## Vulnerable Application - SIP is a signaling protocol for voice, and video typically assoicatd with VOIP and typically used in commercial - phone systems. SIP and VOIP are gaining popularity with home and celluar voice/video calling systems as well. + SIP is a signaling protocol for voice, and video typically associated with VOIP and typically used in commercial + phone systems. SIP and VOIP are gaining popularity with home and cellular voice/video calling systems as well. This module scans the TCP port to identify what OPTIONS are available on the SIP service. @@ -9,7 +9,7 @@ 1. Start msfconsole 2. Do: ```use auxiliary/scanner/sip/options_tcp``` - 2. Do: ```set rhosts [ip]``` + 3. Do: ```set rhosts [ip]``` 4. Do: ```run``` ## Scenarios