CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/documentation/modules/auxiliary/gather/asterisk_creds.md
Views: 1904
Description
This module retrieves SIP and IAX2 user extensions and credentials from Asterisk Call Manager service.
Valid manager credentials are required.
Vulnerable Application
Asterisk offers both classical PBX functionality and advanced features, and interoperates with traditional standards-based telephony systems and Voice over IP systems.
This module has been tested successfully on:
Asterisk Call Manager version 2.10.0 on Asterisk 13.16.0
Asterisk Call Manager version 1.1 on Asterisk 1.6.2.11
The following software comes with Asterisk preinstalled and can be used for testing purposes:
Note that Asterisk will reject valid authentication credentials when connecting from a network that has not been permitted using the permit
directive (or is specifically denied in the deny
directive) in the Asterisk manager configuration file /etc/asterisk/manager.conf
.
Verification Steps
Start
msfconsole
Do:
use auxiliary/gather/asterisk_creds
Do:
set rhost <RHOST>
Do:
set rport <RPORT>
(default:5038
)Do:
set username <USERNAME>
(default:admin
)Do:
set password <PASSWORD>
(default:amp111
)Do:
run
You should get credentials