Voip & multymedia security project log submission
Yüklə 7,58 Kb.
|
VOIP & MULTYMEDIA SECURITYPROJECT LOG SUBMISSIONBYMAHIDHAR PENIGIBHANU REDDY BATTAPURAMProject LogOur project is Penetration testing. The team members of the project are Mahidhar Penigi Bhanu Reddy Battapuram We performed our project for a duration of 4 weeks and we usually met on Thursdays, Fridays, Saturdays in the lab First week: - In the project we mentioned the following Enumeration Fuzzing
Flooding Capturing authentication In the first week we read about them, what exactly these are, how do the tools perform, where we can download. The first week is all about the reading various papers,journals, books and watching the videos about how to implement. We downloaded various tools and tried to explore few things.
In the second week we met only two days in the lab. We discussed about how we are going to share the work and we got a clear idea of how we gone perform. So we started with the Enumeration tool. The reason we used enumeration tool is for information gathering and we started using SMAP. SMAP is combination of SIPSAK and NMAP. But SMAP was a total failure, we could not able to download tool in the Kali, the tool is only available for windows but it only performs mapping between the devices. So the first tool gave us a big disappointment. But later we tried with other enumeration tools like Sipsak, Netcat. So we finally decided to use Netcat for the enumeration. There are many reasons for using Netcat as our tool because of its various capabilities. Using Netcat we can able to assign a local port to the application programs. So we successfully implemented.
In the third week we met on Thursday and now we have a road map for the other implementations. We started trying the flooding attack using a tool invite flood. This tool is pre-installed in Kali and only challenge left is how to perform the attack. We read the syntax and later moved to an implementation. We configured two phones and tried to implement the attack. We could not able to call between the two phones when we performed the attack. Since this tool has various features we performed other attack called flooding the messages in the given extension. So thus we could successfully implement. This week we also performed other attack called Fuzzing. The tool we used is Asteroid. This tool gave us new doors to extend the project. We did not think of the capability of this tool and tried to implement directly on our asterisk server. When we implemented this tool on our asterisk server, we could not realize that it is going to shut down the network and later we tried only with the SIP phones. This gave us a lot of experience about what the attacker can do with this tool. Fourth week: - This week is the final week to wrap up all the things. Coming to this week we are left with the authentication attack. Here we used SIPDUMP tool. Initially we could not able to perform since we found fluctuating results, but later we learned about this and could able to implement. This tool can also broadly expanded like getting usernames and passwords. This attack took a long time when compared to the other attacks performed. In this week we also prepared the presentation and checked all the attacks again. Yüklə 7,58 Kb. Dostları ilə paylaş:
|