Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
# -*- coding: binary -*-
2

3
module Msf
4

5
###
6
#
7
# This module provides methods for working with the IAX2 protocol
8
#
9
###
10
module Auxiliary::IAX2
11

12
  #
13
  # Initializes an instance of an auxiliary module that uses IAX2
14
  #
15

16
  def initialize(info = {})
17
    super
18

19
    register_options(
20
      [
21
        OptAddress.new('IAX_HOST', [true, 'The IAX2 server to communicate with']),
22
        OptPort.new('IAX_PORT',    [true, 'The IAX2 server port', 4569]),
23
        OptString.new('IAX_USER',  [false, 'An optional IAX2 username']),
24
        OptString.new('IAX_PASS',  [false, 'An optional IAX2 password']),
25
        OptString.new('IAX_CID_NAME',  [false, 'The default caller ID name', '']),
26
        OptString.new('IAX_CID_NUMBER',  [true, 'The default caller ID number', '15555555555'])
27
      ], Msf::Auxiliary::IAX2 )
28

29
    register_advanced_options(
30
      [
31
        OptBool.new('IAX_DEBUG', [false, 'Enable IAX2 debugging messages', false])
32
      ], Msf::Auxiliary::IAX2 )
33

34
  end
35

36
  def connect
37
    @iax.shutdown if @iax
38
    @iax = Rex::Proto::IAX2::Client.new(
39
      :server_host    => datastore['IAX_HOST'],
40
      :username       => datastore['IAX_USER'],
41
      :password       => datastore['IAX_PASS'],
42
      :caller_name    => datastore['IAX_CID_NAME'],
43
      :caller_number  => datastore['IAX_CID_NUMBER'],
44
      :debugging      => datastore['IAX_DEBUG'],
45
      :context        => {
46
        'Msf'        => framework,
47
        'MsfExploit' => self
48
      }
49
    )
50
    @iax_reg = @iax.create_call()
51
    r = @iax_reg.register
52
    if not r
53
      @iax.shutdown
54
      @iax = nil
55
      raise RuntimeError, "Failed to register with the server"
56
    end
57
  end
58

59
  def create_call
60
    if not @iax
61
      raise RuntimeError, "No active IAX2 connection"
62
    end
63
    @iax.create_call
64
  end
65

66
  def cleanup
67
    super
68
    @iax.shutdown if @iax
69
  end
70

71
  # General purpose phone number mangling routines
72
  # Convert 123456XXXX to an array of expanded numbers
73
  def crack_phone_range(range)
74
    crack_phone_ranges([range])
75
  end
76

77
  def crack_phone_ranges(masks)
78
    res = {}
79
    masks.each do |mask|
80
      mask = mask.strip
81

82
      if(mask.index(':'))
83
        next if mask.index('X')
84
        rbeg,rend = mask.split(':').map{|c| c.gsub(/[^\d]/, '').to_i }
85
        rbeg.upto(rend) do |n|
86
          res[n.to_s] = {}
87
        end
88
        next
89
      end
90

91
      incdigits = 0
92
      mask.each_char do |c|
93
        incdigits += 1 if c =~ /^[X#]$/i
94
      end
95

96
      max = (10**incdigits)-1
97

98
      (0..max).each do |num|
99
        number = mask.dup # copy the mask
100
        numstr = sprintf("%0#{incdigits}d", num) # stringify our incrementing number
101
        j = 0 # index for numstr
102
        for i in 0..number.length-1 do # step through the number (mask)
103
          if number[i].chr =~ /^[X#]$/i
104
            number[i] = numstr[j] # replaced masked indexes with digits from incrementing number
105
            j += 1
106
          end
107
        end
108
        res[number] = {}
109
      end
110

111
    end
112

113
    return res.keys.sort
114
  end
115

116
end
117
end
118

119

120