3CX Penetration Testing (VoIP hacking, DoS attacks)
Initial setup
We installed free version of 3CX PBX on our dedicated Windows server in Netherlands:
- version 15.5
- SIP port: 6080
- HTTP port: 5000; HTTPS port: 5001
- log into web UI
- add extension 001
- auth. user id = asWerfWER001
- password = 123456aSWQ
- extension 001 options - restrictions - Disallow use of extension outside the LAN = off
- download extensions
- edit extensions.csv
- add extensions 001..025
- set option "pbx delivers audio" = "1" in 3CX, as we want to test stability of RTP module
We perform tests with our
penetration test suite, and control QoS (uptime, quality of audio) with
SIP Tester.
- set up a test verifying quality: sip tester (extension 001) --> 3CX --> sip tester (extension 002). Extension 002 plays echo. Extension 001 plays an audio file and verifies response.
- add uac registrations (extensions) in sip tester. set expires=180 seconds
Updates
2018-12-08 See video how we do the penetration test
We start VoIP penetration testing (white hat hacking) of various VoIP software. Previously we have crashed FreeSWITCH (it was RAM overflow under DoS), now we continue with 3CX.
It looks stable under DoS attack (malformed/fuzzed SIP packets). We could not crash 3CX with RTP and SIP packets (about 100K packets / second), looks like they have good filters that block DoS attacks from one IP.
We will continue research.