• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
nullcon 2011 - Chupa Rustam

nullcon 2011 - Chupa Rustam



Chupa Rustam by Abhijeet Hatekar

Chupa Rustam by Abhijeet Hatekar



Total Views
Views on SlideShare
Embed Views



1 Embed 52

http://null.co.in 52



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    nullcon 2011 - Chupa Rustam nullcon 2011 - Chupa Rustam Presentation Transcript

    • http://null.co.in/ http://nullcon.net/
    • Remember these Titans???
    • Spying was a manual labor!
    • Spying has become digital
    • MeetAbhijeet Hatekar
    • A Geek who works forWho happens to be a hardcore Linux Guy
    • Delves into…
    • Loves to developNew Security /Hacking Tools
    • Also, a good cook!
    • I was at
    • Where I developed tools like… oat.sf.net
    • Presented papers at…
    • And active contributor fora magazine
    • Can be followed at my blogand reached at my website: www.chackraview.net
    • What bringsme here?
    • What bringsme here?
    • What bringsme here?
    • What bringsme here?
    • What bringsme here?
    • Let’s go a step ahead
    • Unified Communication
    • VoIP is a piece of technical excellence
    • VoIP BenefitsCost efficientFlexibilityFeature richSimple and Scalableinfrastructure
    • Competition: a Goose race To provide rich features, Slick boxes within slim timeline; vendors often overlook security issues.
    • VoIP Attack Vectors Eavesdropping Denial of Service(DOS) Call Hijack Call Teardown Call Fraud Media Manipulations Codec Manipulation
    • What’s at stake???Money Data Reputation and faith &...
    • YOU
    • Let’s focus on something more interesting!
    • Prologue
    • Major Global Video Phone Solutions Providers
    • Why Grandstream???CheapReliableFeature Rich
    • Features ofGrandstream Video Phone
    • nmap scan
    • The Awareness Hurdle Non-aware 95%
    • The Hack Begins….
    • Login Authentication
    • Survey Facts 78% people do not change the default password. Out of remaining 22%, 42.98% just increment a number. e.g.Password1, admin2 etc. Source: Symantec Inc.The Password 75% of social networking username and password samples collected online were identical to those used for emailleaks some accounts. 69.30% people write down their password to remember.facts ☺ Source: www.securityweek.com 63% people do not change their password often. Source: www.cnet.com
    • The Wireshark Trace
    • The Wireshark Trace
    • The Research
    • After burning the midnight oil over couple of smokes Grey cellsPacket captures I found out different interesting configuration variables.
    • The Research: Mapping Configuration VariablesP2 = passwordP97 = iLBC Frame sizeP927 = Video packet sizeP39 = local RTP portP928 = ??? <interesting>
    • The ResearchThese variables correspondto some features directlyaffecting the Grandstreamphone.Among all the variables,P928caught my attention becauseas soon as I set that variable.
    • The Research:2nd nmap Scan
    • The Research P928 starts RTSP server on phone Can stream video from the video phone camera User is not aware of this and moreover User cannot control it from phone menu
    • Cracking SRTP Authentication • Phone tries to authenticate RTSP client • http digest authentication mode • QoP is only auth and not auth_int(little safe) • Vulnerable to MiTM and password brute force attacks
    • So far I have not seen thisroom getting intothe sleeping zone…I believe then it’s not thatboring ☺
    • SynopsisCrack web password Enable RTSP Server Crack RTSP authentication Profit / fun
    • Presenting
    • Chupa Rustam Fundamentals Written in “C”.. Uses libvlc For Linux Platform
    • Generic Grandstream Remote administrationweb cracking support of surveillance feature Chupa Rustam FeaturesRTSP password cracker SSL support
    • Getting back to“something more interesting”…
    • Titans are back… with ninja skills!
    • Worldwide Usage ofGrandstream Video PhonesGrandstream GXV 3xx Series Clients
    • Lessons Learned for VendorsUse strong authenticationmechanismsDocument all features and securethemprovide features only if necessary
    • Lessons Learned for End Users Change default passwords to something better than alphanumeric There is no fix for the human stupidityDON’T bring video phones to your bedroom ☺
    • How can I get Chupa-Rustam?http://tools.chackraview.net/chuparustam
    • Got questions??? Hit ‘em!
    • Thank You & Stay safe!ahatekar@microsoft.com