Tweet
Calling it a 0-Day - Hacking at PBX/UC Systems
good_pseudonym, Hacker
| Demo, Exploit | 45
PBX (Private Branch Exchange) and UC (Unified Communications) servers are the big communication brokers in enterprise environments where they love on-prem. They do everything to enable internal and external communications including voice, video, conferencing and messaging. But a broader scope also means a broader attack surface.
In this talk, we'll give an overview PBX/UC systems, what kind of attack surface they have, as well as several bugs that we recently found in two popular PBX/UC products. The journey includes deep-diving Java's Runtime.exec(), decrypting encrypted PHP, bypassing license restrictions, pretending to be a phone, and (of course) getting some shells.
REFERENCES:
VoIP Wars: Attack of the Cisco Phones (DEF CON 22, Fatih Ozavci)
Hacking VoIP Exposed (Black Hat USA 2006, David Endler, Mark Collier)
good_pseudonym, Hacker
| Demo, Exploit | 45
PBX (Private Branch Exchange) and UC (Unified Communications) servers are the big communication brokers in enterprise environments where they love on-prem. They do everything to enable internal and external communications including voice, video, conferencing and messaging. But a broader scope also means a broader attack surface.
In this talk, we'll give an overview PBX/UC systems, what kind of attack surface they have, as well as several bugs that we recently found in two popular PBX/UC products. The journey includes deep-diving Java's Runtime.exec(), decrypting encrypted PHP, bypassing license restrictions, pretending to be a phone, and (of course) getting some shells.
REFERENCES:
VoIP Wars: Attack of the Cisco Phones (DEF CON 22, Fatih Ozavci)
Hacking VoIP Exposed (Black Hat USA 2006, David Endler, Mark Collier)
Comment