VoIP - Cain
VoIP - Cain
VoIP and Cain
You've probably all heard of Cain and Abel by now, the Password Recovery program we all used back in High School to get passwords.
Cain has presented itself as a tool with capabilities far beyond just routine password cracking. With the advent of VoIP and the latest edition of Cain we can find some rather interesting new features.
First, find a wireless network around with a VoIP phone. It's suggested that you use YOUR OWN VoIP Phone, or someone else's that you have permission from. </legality>
Fire up Windows and open up Cain. When you're connected to a network. Activate the Sniffer and go to the Sniffer tab and click the plus sign, scan all hosts in the Subnet.
Look for any that match a VoIP phone, such as Cisco device or otherwise. If you can't find one then make sure that there is one in your house or a friends.
If you know there is a phone then you can safely just do the following to all devices on the network.
On the bottom find the Hazard sign, the APR tab. Click the Plus sign and select a device and the default gateway (Normally 192.168.1.1)
Once you have all the devices set up click the same sign at the top to start poisoning. To those new with Cain this is called a Man in the Middle Attack. You trick another computer into sending the information to you by manipulating the ARP tables (Cain does automatically) and using your computer as a gateway for all their sent information.
Now the interesting part of Cain is the VoIP tab. Have your friend call you and chat for a few minutes, or you call someone. Hang up and check this tab and Cain will have recorded the conversation and even does the favor of putting it in a .wav music file for you so you don't have to convert packets.
You can only imagine the possibilities off of this. I won't name off all the possible things you can do with recorded sessions, but I'm sure that anyone that has been hacking before should find loads of things to do.
Cain has many features, don't just think of it as a password recovery or newbie tool, it can be extremely useful if used correctly.
In the next Article we will discuss manipulating and splicing live calls with prerecorded audio or otherwise using SIP_rogue.
ghost 15 years ago
Great article man. What makes this article good is that it's about something practical. Sometimes in life you have to record conversations secretly. What better way to do it than this? :)
ghost 15 years ago
Great article man. What makes this article good is that it's about something practical. Sometimes in life you have to record conversations secretly. What better way to do it than this? :)
ghost 15 years ago
Not a bad article, a little simple for my liking, I would like to see the next one on live splicing though :D
ghost 15 years ago
I liked it. Informative, right on and easy to read. I'll have a smiley like everyone else. Hmm, which should I choose… I'm going for :happy:
ghost 15 years ago
Nice post. Good point about tools; namely, application of such differentiates script-kiddie and hacker.
ghost 15 years ago
I don't know what you mean Armadillo, but it seems like it's a common opinion lately that if you use tools, you're not a real hacker. This is far from the truth. Anything that will help me get my job done faster or more efficiently is useful. Think of a calculator. You think you're a math-script-kiddie for not knowing how to do inverse logs on paper? No.
ghost 15 years ago
If you can't do inverse logs on paper you're a pathetically mathematically inept n00b. Regardless though, disregarding the hopefully obvious sarcasm there… Tools are used all the time and there's no reason to make your own unless you want something specific done or if you modify an OS program to make it run your way.