XTest - VoIP Infrastructure Security Testing Tool
Darknet spilled these bits on September 4th 2008 @ 5:39 am
What is XTest?
XTest is a simple, practical, and free, wired 802.1x supplicant security tool implementing the RFC 3847 EAP-MD5 Authentication method. It can be used to assess the password strength within wired ethernet environments that rely on 802.1x to protect IP Phones and the VoIP Infrastructure against rogue PC access. XTest is developed in C and freely available to anyone, under the GPLv3 license.
Why XTest?
XTest was developed with the specific aim of improving the security of environments that use 802.1x to protect IP Phone endpoints and their supporting VoIP Infrastructure. With the increasing prevalence of 802.1x Supplicant support in wired hard Phones, 802.1x will be increasingly used to ensure that remote IP Phones placed in areas with low physical security will have their directly connected ethernet switch ports secured against unauthorized access.
Furthermore, the tool can demonstrate the danger of relying solely on 802.1x, because the current wired 802.1x implementation only requires authentication when the port initially comes up/up. Subsequent packets are not authenticated, allowing an attacker to share a connection on a hub with the valid 802.1x supplicant, allowing unauthorized switchport access.
Features
* 802.1x Supplicant: XTest can test the username and password against an 802.1x Authenticator (Ethernet Switch), and supports re-authentication. This is a simple and easy method of comparing the password against a valid 802.1x Supplicant running on an IP Phone or a PC.
* Offline pcap dictionary attacK: If you capture a valid 802.1x authentication sequence into a pcap file, XTest will run a dictionary attack against the pcap using a supplied wordlist. XTest will elicit the password from the pcap if the dictionary file containst the valid password.
* Shared Hub unauthorized access: Using a shared hub, XTest can use the successful authentication of a valid 802.1x supplicant to gain unauthorized access to the network.
Tested Platforms
802.1x Supplicants:
* Cisco Unified IP Phone 7971G-GE
* Cisco Unified IP Phone 7961G-GE
* Cisco Unified IP Phone 7941G-GE
* Cisco Unified IP Phone 7942G
* Cisco Unified IP Phone 7945G
802.1x Authenticator:
* Cisco Catalyst 3560 (WS-C3560G-24PS)
Radius Server:
* CiscoSecure ACS 4.1
You can download XTest here:
xtest-1.0.tar
Or read more here.
ShareThis
Tags: hacking voip, Network Hacking, voip auditing, voip infrastructure security, voip infrastructure testing, voip testing, xtest
rss Subscribe to Darknet RSS Feed rss
Stored in: Hacking Tools, Network Hacking
Related Posts:
- VoIP Security Testing Tools List from VoIPSA
- SIP Proxy - VoIP Security Testing Tool
- VoIP Hopper - VLAN Hopping Tool
- rtpbreak 1.3a Released - RTP Analysis and Hacking
- Penetration Testing vs Vulnerability Assessment
- WSFuzzer - Web Services Fuzzing Tool for HTTP and SOAP
url:http://www.darknet.org.uk/2008/09/xtest-voip-infrastructure-security-testing-tool/
Subscribe to:
Post Comments (Atom)
1 comment:
Hi All!
I'm selling fresh & genuine SSN Leads, with good connectivity. All data is tested & verified.
Headers in Leads:
First Name | Last Name | SSN | Dob | Address | State | City | Zip | Phone Number | Account Number | Bank NAME | DL Number | House Owner
*You can ask for sample before any deal
*Each SSN lead will be cost $1
*Premium Lead will be cost $5
*If anyone wants in bulk I will negotiate
*Sampling is just for serious buyers
Hope for the long term deal
For detailed information please contact me on:
Whatsapp > +923172721122
Email > leads.sellers1212@gmail.com
Telegram > @leadsupplier
ICQ > 752822040
Post a Comment