Remote Exploit Forums

  #1 (permalink)  
Old 02-18-2008, 09:31 PM
archangel.amael's Avatar
Moderator
 
Join Date: Nov 2007
Location: behind the wire
Posts: 3,457
Voiphopper howto

This is a small howto on installing voiphopper version 0.9.7

"VoIP Hopper is the answer to all voip solution providers who make people believe that VLANS is all you need to secure VoIP" - Sachin Joglekar, Sipera VIPER Lab

"VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop into the Voice VLAN on specific Ethernet switches. VoIP Hopper does this by mimicking the behavior of an IP Phone, in both Cisco and Avaya IP Phone environments."

(SOURCE = Voiphopper readme.txt )

This tool was released at shmoocon this past weekend.

voiphopper

Download and save (I saved mine to "/root"). Then use:
Code:
bt ~# tar xvfz voiphopper-0.9.7.tar.gz
This will "untar" and "ungzip" the package.
Code:
bt ~ # tar xvfz voiphopper-0.9.7.tar.gz
voiphopper-0.9.7/
voiphopper-0.9.7/Makefile
voiphopper-0.9.7/arp.c
voiphopper-0.9.7/buildmsg.c
voiphopper-0.9.7/cache.c
voiphopper-0.9.7/client.c
voiphopper-0.9.7/dhcpconfig.c
voiphopper-0.9.7/mac.c
voiphopper-0.9.7/netinfo.c
voiphopper-0.9.7/peekfd.c
voiphopper-0.9.7/signals.c
voiphopper-0.9.7/udpipgen.c
voiphopper-0.9.7/voiphopper.c
voiphopper-0.9.7/buildmsg.h
voiphopper-0.9.7/client.h
voiphopper-0.9.7/dhcpcd.h
voiphopper-0.9.7/kversion.h
voiphopper-0.9.7/mac.h
voiphopper-0.9.7/maclist.h
voiphopper-0.9.7/netinfo.h
voiphopper-0.9.7/pathnames.h
voiphopper-0.9.7/signals.h
voiphopper-0.9.7/udpipgen.h
voiphopper-0.9.7/LICENSE
voiphopper-0.9.7/README
Next "cd" to the directory where you saved it
Code:
bt ~ # cd /root/voiphopper-0.9.7
and then use "make" to install it
Code:
bt voiphopper-0.9.7 # make
You should see the following as the output
Code:
INSTALLATION
bt  voiphopper-0.9.7 # make
gcc -c voiphopper.c
gcc -c dhcpconfig.c
gcc -c buildmsg.c
gcc -c cache.c
gcc -c udpipgen.c
gcc -c peekfd.c
gcc -c client.c
gcc -c arp.c
gcc -c signals.c
gcc -c mac.c
gcc -c netinfo.c
gcc voiphopper.o dhcpconfig.o buildmsg.o cache.o udpipgen.o peekfd.o client.o arp.o signals.o mac.o netinfo.o -lpcap -o voiphopper
bt voiphopper-0.9.7 #
Usage looks like the following:

1. To sniff for CDP and run a VLAN Hop into the Voice VLAN, simply run VoIP Hopper on the Ethernet interface, in the following way:
Code:
voiphopper -i eth1
2. VoIP Hopper also allows one to VLAN Hop to an arbitrary VLAN, without sniffing for CDP. If you already know the Voice VLAN ID, or would like to VLAN Hop into another VLAN (without sniffing for CDP), you can run it in the following way:
Code:
voiphopper -i eth1 -v 200
3. To Discover the Voice VLAN in an Avaya IP Phone environment:
Code:
voiphopper -i eth1 -a
4. To spoof the MAC Address of an IP Phone by sniffing for CDP (this changes the MAC address of default interface and new interface):
Code:
voiphopper -i eth1 -m AA:AA:AA:AA:AA:AA
5. To spoof the MAC Address of an IP Phone using an Avaya DHCP request (this changes the MAC address of default interface and new interface) :
Code:
voiphopper -i eth1 -a -m AA:AA:AA:AA:AA:AA
6. To spoof the MAC Address of an IP Phone by VLAN Hopping without CDP or DHCP (this changes the MAC address of default interface and new interface):
Code:
voiphopper -i eth1 -v 200 -m AA:AA:AA:AA:AA:AA
7. To spoof the MAC Address of an IP Phone without changing the MAC Address of the default ethernet interface (only spoof the new voice interface's MAC Address):
Code:
voiphopper -i eth1 -v 200 -m AA:AA:AA:AA:AA:AA -D
(SOURCE = Voiphopper readme.txt )

Well, I hope that helps you get started.
Have fun and play nice.
This tutorial is not all my own work; credits to:
AUTHOR
Jason Ostrom
And the other Developers.
__________________
The very existence of flame-throwers proves that some time, somewhere, someone said to themselves, You know, I want to set those people over there on fire, but I'm just not close enough to get the job done.
George Carlin

Last edited by archangel.amael; 03-22-2008 at 08:15 AM.
  #2 (permalink)  
Old 03-22-2008, 01:41 AM
archangel.amael's Avatar
Moderator
 
Join Date: Nov 2007
Location: behind the wire
Posts: 3,457

Was just in contact with Jason Ostrom, developer of voiphopper, and there is a newer version available: voiphopper 0.9.9.
I upgraded to this version shortly after it came out.
However I did not update this tutorial.
Again the update is located here:
voiphopper


"Did you know there is a newer version, 0.9.9, with some new features and the functionality for CDP changed a little bit?" - Jason Ostrom
The install process is pretty much the same as the older version.

Some infos pulled from the new readme
Quote:
It has been tested to dissect CDP packets on the following Cisco
IOS Ethernet Switch platforms:
1. Catalyst 3550
2. Catalyst 3560
3. Catalyst 3750
4. Catalyst 6513 with WS-X6148A-GE-45AF module

It has been tested to mimic the behavior of an Avaya 4620 IP Phone
Quote:
USAGE
Now there are two CDP modes for VoIP Hopper. Sniff (-c 0) and Spoof (-c 1).

1. To sniff for CDP and run a VLAN Hop into the Voice VLAN, simply run VoIP Hopper on the Ethernet interface, in the following way:
voiphopper -i eth1 -c 0

2. To Spoof CDP in order to more rapidly hop to the Voice VLAN in Cisco SIP environments, run VoIP Hopper in the following way:
voiphopper -i eth1 -c 1 -E 'SIP00070EEA5086' -P 'Port 1' -C Host -L 'Cisco IP Phone 7940' -S 'P003-08-8-00' -U 1

3. To Spoof CDP in order to more rapidly hop to the Voice VLAN in Cisco SCCP environments, run VoIP Hopper in the following way:
voiphopper -i eth1 -c 1 -E 'SEP0070EEA5086' -P 'Port 1' -C Host -L 'Cisco IP Phone 7940' -S 'P00308000700' -U 1
Also from the readme

Happy Hopping !
Reply With Quote
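A defensive check for the CDP spoof mode quoted in the post above, as an added example that is not part of the original posts or of VoIP Hopper: it parses a captured CDP frame and flags a phone-style Device ID (SEP/SIP plus MAC) that does not match the frame's source MAC. Assumptions: untagged 802.3/SNAP frames, that a genuine Cisco phone's Device ID embeds its own MAC, and the function names and sample laptop MAC, which are constructed here.

```python
import re
import struct

CDP_DST = bytes.fromhex("01000ccccccc")          # CDP multicast destination
LLC_SNAP = bytes.fromhex("aaaa0300000c2000")     # LLC + Cisco OUI + CDP PID
TLV = {0x0001: "device_id", 0x0003: "port_id", 0x0006: "platform"}
PHONE_ID = re.compile(rb"(SEP|SIP)([0-9A-Fa-f]*)")

def parse_cdp(frame):
    """Return (src_mac, {tlv_name: value}) for an untagged CDP frame, else None."""
    if len(frame) < 26 or frame[:6] != CDP_DST or frame[14:22] != LLC_SNAP:
        return None
    end = min(len(frame), 14 + struct.unpack_from("!H", frame, 12)[0])
    tlvs, off = {}, 26                  # bytes 22..25 = version, TTL, checksum
    while off + 4 <= end:
        typ, length = struct.unpack_from("!HH", frame, off)
        if length < 4 or off + length > end:
            break                       # malformed TLV, stop parsing
        if typ in TLV:
            tlvs[TLV[typ]] = frame[off + 4:off + length]
        off += length
    return frame[6:12], tlvs

def check_phone_claim(frame):
    """Return findings for a frame whose Device ID claims to be an IP phone."""
    src, tlvs = parse_cdp(frame) or (b"", {})
    m = PHONE_ID.fullmatch(tlvs.get("device_id", b""))
    if m is None:
        return []                       # not CDP, or not a phone-style Device ID
    if len(m.group(2)) != 12:
        return ["phone Device ID does not embed a 12-digit MAC"]
    if bytes.fromhex(m.group(2).decode()) != src:
        return ["phone Device ID MAC differs from frame source MAC"]
    return []

def sample_frame(src_mac, device_id, platform=b"Cisco IP Phone 7940"):
    """Build a constructed CDP frame for testing (checksum left as zero)."""
    body = b"\x02\xb4\x00\x00"          # CDP version 2, TTL 180, checksum 0
    for typ, val in ((0x0001, device_id), (0x0006, platform)):
        body += struct.pack("!HH", typ, len(val) + 4) + val
    payload = LLC_SNAP + body
    return CDP_DST + bytes.fromhex(src_mac) + struct.pack("!H", len(payload)) + payload

# Constructed samples; the Device IDs are the ones in the usage text above.
NIC = "001122334455"                    # constructed laptop MAC
SPOOF_SIP = sample_frame(NIC, b"SIP00070EEA5086")
SPOOF_SCCP = sample_frame(NIC, b"SEP0070EEA5086")
GENUINE = sample_frame("00070eea5086", b"SEP00070EEA5086")
```

A match between Device ID and source MAC only means the frame is self-consistent, so a finding from this check is best correlated with the switch's own record of which ports have phones attached.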
  #3 (permalink)  
Old 03-23-2008, 02:38 AM
tek911's Avatar
Member
 
Join Date: Dec 2007
Posts: 58

Never a more timely post. I'm semi-gearing up for a voip assessment. As always very thankful for your post.
__________________
"Heavy is good, heavy is reliable. If it doesn't work... you can always hit them with it." -Boris the Blade
  #4 (permalink)  
Old 03-23-2008, 02:43 AM
archangel.amael's Avatar
Moderator
 
Join Date: Nov 2007
Location: behind the wire
Posts: 3,457

Quote:
Originally Posted by tek911 View Post
Never a more timely post. I'm semi-gearing up for a voip assessment. As always very thankful for your post.
Great, let me know if you need some more info or tools in the line of VoIP.
I have been messing with them lately and I have a few more to go through and maybe do some posts on them.

Doesn't seem to be a lot of interest in it; however, it will come soon enough.
  #5 (permalink)  
Old 03-23-2008, 02:50 AM
tek911's Avatar
Member
 
Join Date: Dec 2007
Posts: 58
Hit me with the voipage

Yes!!!! I'm currently reading through How to Cheat at VoIP Security. It's a little dated; I'm trying to get the baseline by reading the book, then I'm going to hit RE & old shmoocon/BH/Dcon writeups and videos to stay a little more current. I'm making an lzm for voiphopper right now (at least I'm trying); I'll put up the rapidshare link or something as soon as I get it all together. I'd like to put together a new VOIP lzm as the current suite is showing its age (or it's showing my ignorance on the subject, so let me retract that without a little more digging into the bt3 files).
  #6 (permalink)  
Old 03-23-2008, 02:54 AM
tek911's Avatar
Member
 
Join Date: Dec 2007
Posts: 58
ok. I'm an itard

Ok, so just compiled voiphopper, it's a one program tool (duh) so I'll skip the lzm. I'll probably just bundle it in to my regular base install lzms but I might just try to put together an lzm of just voip tools.
  #7 (permalink)  
Old 03-23-2008, 03:26 AM
archangel.amael's Avatar
Moderator
 
Join Date: Nov 2007
Location: behind the wire
Posts: 3,457

Quote:
Originally Posted by tek911 View Post
Yes!!!! I'm currently reading through How to Cheat at VoIP Security. It's a little dated; I'm trying to get the baseline by reading the book, then I'm going to hit RE & old shmoocon/BH/Dcon writeups and videos to stay a little more current. I'm making an lzm for voiphopper right now (at least I'm trying); I'll put up the rapidshare link or something as soon as I get it all together. I'd like to put together a new VOIP lzm as the current suite is showing its age (or it's showing my ignorance on the subject, so let me retract that without a little more digging into the bt3 files).
Ok, let us know how you get on with this lzm.

as for more info try this one for right now, I have found lots of good info there:
http://www.voip-info.org/wiki/
I am going to try and work on a thread for others to share VOIP Info on here.
  #8 (permalink)  
Old 03-24-2008, 08:05 AM
The_Denv's Avatar
Senior Member
 
Join Date: Nov 2006
Location: Belfast, N.Ireland
Posts: 388

Very nice tutorial archangel.amael

I just added this to my personal archive, very informative. After reading this tutorial I think I might actually start researching VoIP security a bit more. Seems there is a lot of fun involved, you've caught my attention anyhow.

VoIP is really good, insecure but good. I told a few friends of mine about making free phone calls with VoIP and how to reuse the free trial VoIP applications; it's made them very happy. Have not had the same interest in VoIP and VLANs since then, looks like it's time for me to start getting involved with it again.

Cheers man!
  #9 (permalink)  
Old 03-24-2008, 07:03 PM
archangel.amael's Avatar
Moderator
 
Join Date: Nov 2007
Location: behind the wire
Posts: 3,457

Quote:
Originally Posted by The_Denv View Post
Very nice tutorial archangel.amael

I just added this to my personal archive, very informative. After reading this tutorial I think I might actually start researching VoIP security a bit more. Seems there is a lot of fun involved, you've caught my attention anyhow.
No problem glad you found it useful.
Quote:
VoIP is really good, insecure but good. I told a few friends of mine about making free phone calls with VoIP and how to reuse the free trial VoIP applications; it's made them very happy. Have not had the same interest in VoIP and VLANs since then, looks like it's time for me to start getting involved with it again.
Cheers man!
To be sure, lots of fun can be had with VoIP. Also, one can d/l vmware and use some app like trixbox to have phone fun as well.


Also some more infos are in the works and I did a small guide on sipvicious as well.
All times are GMT.