h00die
1.5 KiB
1.5 KiB
Vulnerable Application
SIP is a signaling protocol for voice, and video typically associated with VOIP and typically used in commercial phone systems. SIP and VOIP are gaining popularity with home and cellular voice/video calling systems as well.
This module scans the TCP port to identify what OPTIONS are available on the SIP service.
Verification Steps
- Start msfconsole
- Do:
use auxiliary/scanner/sip/options_tcp - Do:
set rhosts [ip] - Do:
run
Scenarios
Cisco UC520
msf5 > use auxiliary/scanner/sip/options_tcp
msf5 auxiliary(scanner/sip/options_tcp) > set rhosts 2.2.2.2
rhosts => 2.2.2.2
msf5 auxiliary(scanner/sip/options_tcp) > run
[*] 2.2.2.2:5060 - 2.2.2.2:5060 tcp SIP/2.0 200 OK: {"Server"=>"Cisco-SIPGateway/IOS-12.x", "Allow"=>"INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER"}
[*] 2.2.2.2:5060 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Confirming using NMAP
Utilizing the sip-methods script
nmap --script=sip-methods -p 5060 2.2.2.2
Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-11 15:44 EDT
Nmap scan report for 2.2.2.2
Host is up (0.0036s latency).
PORT STATE SERVICE
5060/tcp open sip
|_sip-methods: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER
MAC Address: 00:1B:8F:AA:AA:AA (Cisco Systems)