VOIP

From Rory.wiki

Contents 1 VOIP 1.1 Nortel 1.1.1 Default Usernames and Password 1.1.2 VxWorks WDB Protocol 2 Links and Resources

VOIP

Nortel

Good resources for Nortel VOIP stuff are this cansec west 2007 presentation, this YSTS presentation and the security fundamentals doc from Nortel/Avaya

Original Nortel VOIP setups appear to run a signalling protocol called Unistim. This is a unusual protocol in that it essential treats the phone like a dumb terminal

Default Usernames and Password

There are a number of default usernames and passwords on this system.

ADMIN1 (also called PWD1 or default Level 1) - Password - 0000

ADMIN2 (also called PWD2 or default Level 2) - Password - 0000

PDT1 (also called PDT Level 1) - Password - thorsgr8

PDT2 (also called PDT Level 2) - Password - 2tdp22ler

Also apparently worth trying 1111 with the two ADMIN accounts. FWIW I've had success with PDT1 and 2

VxWorks WDB Protocol

some Nortel VOIP systems are based on VxWorks. There's an issue with that OS where there's a protocol running on port 17185/UDP which allows for memory dumps and RCE. Details on the Metasploit blog here

Links and Resources

VOIP default usernames and passwords

Good Tools List

sipvicious tools

VOIP Information Portal