Nearly 10 years ago, in 2006, Champ Clark III (a.k.a. Da Beave) wrote a cool open source war dialer called iWar. The really cool thing about iWar is that it supports IAX2, so you can make low-cost calls using VoIP, which had really never been done before. Research done by Telephreak using this tool was presented at the 7th annual Hackers On Planet Earth conference, H.O.P.E. (“The Last Hope”), in 2008 in a talk called “Hacking International Networks and Systems via VoIP.” About the same time, the 3rd edition of “Hacking Exposed” was published, which also featured iWar. Da Beave co-authored a book of his own that year, “InfoSecurity 2008 Threat Analysis.”
Run the following commands as root from the iaxclient-01-12-2006-beave/lib directory:
# cp libiaxclient.a /usr/lib
# cp iaxclient.h /usr/include
# cd ../iwar-0.071
# make install
Stay tuned for the instructions on tying iWar into Asterisk for VoIP war dialing.
Updated 8/19/2015 - More Background Information on iWar IAX2 VoIP Build Challenges:
From researching my own challenges, and those of many other people who mostly struggled to build the iaxclient dependency for iWar, I documented most of the build problems I could find. I was able to build iaxclient with the following dependency versions:
speex-1.2beta1 (Note: This specific version of speex is needed due to a code change in the releases following this version)
All of the dependencies, with the exception of speex, were built from source using the current version at the time of writing this post. If you have already installed the latest version of speex and are now reading this because iaxclient will not build, go to /usr/local/lib, run “rm *speex*”, then rebuild speex-1.2beta1, and you will be able to build iaxclient.
Building iaxclient from source is not good enough. You now need to patch iaxclient with a patch that is provided in the iWar-0.071/patch directory. Vincent Passaro updated the README.IAX2 last year, in 2014, as part of his GitHub project to port iWar to OS X. Vincent makes some interesting notes about building iaxclient:
“At this point in time, the IAXClient library appears to only compile under Linux, Solaris, MacOS X and Win32 environments. It might not be difficult to port the library to BSD (Open/Free).”
I was unable to apply the iWar-0.007/patch as outlined in Vincent’s updated README.IAX2. The process would hang when I ran the “patch -p0 < (Where iWar source is)/patches/iax2-stderr-patch” command. I decided that finding a copy of iaxclient-01-12-2006-beave.tar.gz would be easier. It was; however, this version of iaxclient needs to be modified slightly in order to build properly. Please see the “Lighting Quick Build Instructions For the Lazy” instructions above to get around this issue.
Lastly, once I was able to get the already patched version of iaxclient (iaxclient-01-12-2006-beave.tar.gz) to build, iWar would not build on the Ubuntu 14 x64 box I was using. From reading this thread on the iWar mailing list archive, other people are having trouble getting iWar to build on Ubuntu x86 and x64 versions, as well as other Debian-based systems. In this email thread, Pierre Emeriaud pointed out he was able to get iaxclient to build on Ubuntu by making changes similar to those outlined in the “Lighting Quick Build Instructions For the Lazy” instructions above. Pierre provided a diff.tar.gz file with the changes made. I haven’t had a chance to look at this yet. I’m assuming Pierre was able to somehow get iWar to build on Ubuntu, but the instructions he wrote on that thread were for just building iaxclient-01-12-2006-beave.tar.gz.
Vincent’s Complete Build Instructions for iWar’s iaxclient Dependency:
iWar is the first (to my knowledge) "war dialer" to support VoIP. In particular the IAX2 (Intra-Asterisk eXchange) protocol. IAX2 support can be built into iWar using the wonderful "iaxclient" library, which is available at http://iaxclient.sourceforge.net. Using IAX2 will allow you to "war dial" without any additional equipment (ie - hardware modem).
At this point in time, the IAXClient library appears to only compile under Linux, Solaris, MacOS X and Win32 environments. It might not be difficult to port the library to BSD (Open/Free).
Download instructions:
----------------------
First, you'll need to pull down the IAXClient source code. At this time, IAXClient source code is only available via CVS. Lately, the Sourceforge CVS servers have been anything but reliable, so I've included several methods to get the source.
1. IAXClient CVS HEAD.
This is the cutting edge of development for the IAXClient. With that, it may or may not function correctly. To get the source via CVS, do the following:
$ cvs -d:pserver: :/cvsroot/iaxclient login
When prompted for a password, hit "enter". The IAXClient site says to type "anonymous" as the password. If "enter" doesn't work, try "anonymous". To download the source, type:
$ cvs -z3 -d:pserver: :/cvsroot/iaxclient \
  co -P iaxclient
This should begin downloading the source.
2. IAXClient via "snapshot".
There is an older IAXClient "snapshot" available. iWar appears to be compatible with the current CVS HEAD (as of 01-12-2006), but this snapshot was used during development due to some stability problems. The snapshot is at:
http://iaxclient.sourceforge.net/snapshots/iaxclient.tar.gz
This snapshot requires a small custom patch (which I wrote). The patch is available with iWar in the (iWar directory)/patches/iax2-stderr-patch. To apply the patch, do the following:
$ tar -zxvf iaxclient.tar.gz # unpack the archive
$ cd iaxclient/lib/libiax2/src
$ patch -p0 < (Where iWar source is)/patches/iax2-stderr-patch
3. Downloading Beave's pre-patched IAXClient.
I've made available the version I used to develop iWar with. This is pre-patched and ready to compile. You can download this from:
http://www.softwink.com/iwar/download/iaxclient-01-12-2006-beave.tar.gz
or
ftp://ftp.vistech.net/pub/iwar/iaxclient/iaxclient-01-12-2006-beave.tar.gz
Once downloaded, untar the archive:
$ tar -zxvf iaxclient-01-12-2006-beave.tar.gz
Build Instructions:
-------------------
No matter your download method, build instructions are all the same:
cd iaxclient/lib
make # or gmake if under BSD
Now we install the library/headers needed by iWar. As "root" type:
# cp libiaxclient.a /usr/lib
# cp iaxclient.h /usr/include
# ldconfig
If everything has gone well, you can now continue to compile iWar as normal!
Identifying the systems to which a specific account
Determining the systems that communicated with a specific Internet IP address
Tracking domain name resolution attempts
Identifying indicators of compromise across the environment
Six questions the lead IR responder is asked by executives:
What information was exposed?
Do I need to notify regulators or customers?
What is the extent of the compromise?
How much money did we lose?
How did the attacker gain entry?
How do we effectively stop the attack and remove the attacker?
Questions the lead IR responder needs to answer during an investigation:
When and what was the earliest evidence of compromise?
How did the attacker gain entry?
What is the latest evidence of attacker activity?
What systems are (or were previously) under the attacker’s control?
What systems did the attacker access?
What actions did the attacker execute on the systems with which he interacted?
How does the attacker maintain access to the environment?
How does the attacker operate inside of the environment?
What tools has the attacker deployed?
What accounts did the attacker compromise?
Aldridge's talk continues by providing strategies for obtaining the five capabilities outlined above, so an incident responder can effectively answer these questions. Obviously, the sooner an organization has these capabilities, the better it will be at responding to a breach incident.
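As an added illustration (not material from the talk), the sketch below shows three of the capabilities listed in full above working against centrally collected logs: finding systems that talked to a specific IP address, tracking domain resolution attempts, and sweeping for indicators to get the earliest and latest evidence per host. The CSV layouts, host names, addresses and domains are constructed for the example.

```python
import csv
import io

# Constructed sample logs (illustrative only; field names are assumptions).
FLOW_LOG = """ts,host,dst_ip
2014-10-01T09:14:02Z,ws-014,203.0.113.77
2014-10-01T09:15:40Z,ws-022,198.51.100.9
2014-10-02T23:01:11Z,srv-db1,203.0.113.77
"""
DNS_LOG = """ts,host,qname,rcode
2014-09-30T22:47:31Z,ws-014,c2.bad.example,NXDOMAIN
2014-10-01T09:13:59Z,ws-014,c2.bad.example,NOERROR
2014-10-01T11:20:00Z,ws-031,www.example.org,NOERROR
2014-10-02T23:01:09Z,srv-db1,stage.c2.bad.example,NOERROR
"""

def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def hosts_talking_to(ip, flows=FLOW_LOG):
    """Systems that communicated with a specific Internet IP address."""
    return sorted({r["host"] for r in _rows(flows) if r["dst_ip"] == ip})

def resolution_attempts(domain, dns=DNS_LOG):
    """Every lookup of the domain or a subdomain, failed attempts included."""
    d = domain.lower().rstrip(".")
    hits = []
    for r in _rows(dns):
        q = r["qname"].lower().rstrip(".")
        if q == d or q.endswith("." + d):
            hits.append((r["ts"], r["host"], q, r["rcode"]))
    return sorted(hits)

def sweep(ips=(), domains=()):
    """Indicator sweep over both sources: host -> (first_seen, last_seen)."""
    events = [(r["ts"], r["host"]) for r in _rows(FLOW_LOG) if r["dst_ip"] in ips]
    for d in domains:
        events += [(ts, host) for ts, host, _, _ in resolution_attempts(d)]
    seen = {}
    for ts, host in events:
        # ISO 8601 UTC timestamps of equal length sort correctly as strings.
        first, last = seen.get(host, (ts, ts))
        seen[host] = (min(first, ts), max(last, ts))
    return seen

if __name__ == "__main__":
    found = sweep(["203.0.113.77"], ["c2.bad.example"])
    for host, (first, last) in sorted(found.items()):
        print(host, "earliest:", first, "latest:", last)
```

Failed lookups are kept on purpose: in this sample the NXDOMAIN query moves the earliest evidence for ws-014 to the day before its first successful connection.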
The “BadUSB” research presented at Black Hat 2014 by Karsten Nohl and Jakob Lell demonstrated how they can completely take over a computer simply by plugging in a USB device such as a thumb drive. They accomplished this by reprogramming the microcontrollers inside the USB device, repurposing them so they can take full control of a computer. Since the vulnerability is in the actual hardware of the USB device, it is possible to completely evade antivirus by sending only clean copies when antivirus software reads from the device, or by simply not sending any data at all.
There is no simple solution to remediate all of the vulnerabilities presented, and Nohl and Lell held back releasing any proof-of-concept tools for other security researchers to experiment with.
Adam Caudill and Brandon Wilson have since reversed the same USB vulnerabilities and presented their research at the DerbyCon security conference last week.
Unlike Nohl and Lell, they have released proof-of-concept tools. From an article in Wired:
“The belief we have is that all of this should be public. It shouldn’t be held back. So we’re releasing everything we’ve got,” Caudill told the Derbycon audience on Friday. “This was largely inspired by the fact that [SR Labs] didn’t release their material. If you’re going to prove that there’s a flaw, you need to release the material so people can defend against it.”
“There’s a tough balance between proving that it’s possible and making it easy for people to actually do it,” he says. “There’s an ethical dilemma there. We want to make sure we’re on the right side of it.”
Responsible disclosure is once again in the spotlight for information security. What should that process look like if there is no easy fix for a vulnerability discovered?
Despite having the Heartbleed logo all over the cover, in typical 2600 fashion, Heartbleed is not mentioned once, even in the letters.
The following is a summary of the 2600 Summer 2014 volume 31, number 2:
cDc liked heavy metal
Tprophet fires some poor guy and raises a Bell CO style “carrier hotel” temperature to 130 degrees because of AZ (true story)
Half of an exploit for connecting to Minuteman III nuclear missile silos by broadcasting DTMF tones over UHF frequencies
Compression before encryption
A 14-line Python script to view a web page safely, if lynx is too easy for you
The deepest psychoanalysis of the movie Die Hard you will ever read
Raspberry Pi home lighting
Summary of Mandiant APT report
16 year old I'm a hacker now story
Homeless computer repair guy stories
Apple gets unasked for security audit lulz
SanDisk Connect Wireless root password (sqn1351)
A way too long story about a standard toilet
Ransomware 101 security tips
Sci-Fi authors who write about Hacking/Future
Standard White hat/Black hat ranting
Some fictional story about botnets and raids of virtual worlds wearing VR helmets
Authors: Emmanuel Goldstein, Bob Hardy, Dabu Ch’wald, D.B. LeCone-Spink, Brett Stevens, The Prophet, Bab Bobby’s Basement Bandits, Spacedawg, Sh0kwave, Gregory Porter, Michael Post, Jim L, Tyler Frisbee, eyenot, lg0p89 (two articles), ook, Toilet Fixer 555C, Jason Sherman, the Piano Guy,
Letters submitted by: Yuval Nativ, RP, Daniel, Kevin, A curious person, The Professor, Estragon, Wolf Bronski, Bill Miller, Sol, J Thompson, Dave, Robert, Jerry listening on WBAI, Tyler Frisbee, //j, Oliver, Chris, Brad, Richard Cheshire Phreak & Hacker, Scott, David, zenlunatic, Stacy, Mike, Will(NameBrand), Budo, Seymour, Name Deleted, Jared, John, Shocked998, Hunter, Darwin, 3, Variable Rush, Chris, Sh0kwave, David, Screamer Chaotix, Pic0o, ghostguard, Margaret, nico, Julia Wunder Cybertron Software, Nick Grey, Charlotte &
Michael Ossmann, the researcher behind the radio testing tool HackRF and the Bluetooth testing tool Ubertooth, is now working on research to recreate the NSA spying devices from the ANT Catalog as open source projects. Michael presented his research at the Hack In The Box security conference in the Netherlands.