Sandro Gauci’s Videos
Flash Operator Portal Enumeration
01:21 / 346 Plays / 0 Likes / 0 Comments
The Flash Operator Portal (FOP) is part of FreePBX and derivative PBX servers (Trixbox etc.). By default, it allows enumeration of extensions on the PBX.
Cisco Unified Communications Manager (CUCM) jailbreak
04:19 / 2,919 Plays / 0 Likes / 0 Comments
The CUCM provides a restricted IOS-like shell that does not allow root or system access. This module breaks out of this restrictive shell, giving you root access through MOSDEF.
00:39 / 522 Plays / 0 Likes / 0 Comments
This module scans for Cisco phones on the target network by making use of two methods - HTTP scanning and reverse DNS lookup.
01:32 / 2,822 Plays / 0 Likes / 0 Comments
A quick introduction to svcrash - a new addition to SIPVicious v0.2.6. This new tool allows system administrators etc to stop unauthorized attacks launched using svwar.py and svcrack.py (also part…
Demo of a cross site scripting in dotDefender's admin interface
03:38 / 1,640 Plays / 1 Likes / 0 Comments
This is part of an advisory published at: http://resources.enablesecurity.com/advisories/ES-20100601-dotdefender4.txt This video demo shows how an attacker may be able to force the administrator…
02:07 / 586 Plays / 0 Likes / 0 Comments
Some PBX servers and gateways are configured insecurely and allow anonymous callers to make calls. This module will try to make a phone call using various prefixes. sipopenrelay is part of EnableSecurity…
VOIPPACK: How to bypass alwaysauthreject
01:35 / 711 Plays / 0 Likes / 0 Comments
The latest Asterisk PBX servers have an option "alwaysauthreject" which disables enumeration of extensions/users on the PBX. This new tool, included with VOIPPACK, bypasses this option. Bypassalwaysreject…
VOIPPACK: Updates in SIP Digest Leak tool
01:15 / 362 Plays / 0 Likes / 0 Comments
SIP Digest Leak is part of EnableSecurity VoIPPack which is an addon for Immunity CANVAS. The SIP Digest Leak tool now supports 2 new options: Zerolen SDP, which makes exploitation faster and support…
01:07 / 184 Plays / 0 Likes / 0 Comments
A simple script that exploits DotDefender, called dotattacker. It sends an HTTP request to a website protected by DotDefender, with a "Host" header that contains HTML tags. The log viewer renders…
Automated Asterisk penetration testing using IAX2Autohack
03:48 / 774 Plays / 0 Likes / 0 Comments
IAX2Autohack is part of EnableSecurity VoIPPack which is an addon for Immunity CANVAS. IAX2 is the protocol used by Asterisk PBX to communicate with other Asterisk boxes or with IP Phones. This demonstration…
00:57 / 665 Plays / 0 Likes / 0 Comments
A demo showing how easy it is to make use of the upcoming voipscanner webapp
Here are all of the videos that Sandro Gauci has uploaded to Vimeo. Appearances are videos that Sandro Gauci has been credited in by others.