iCULeak - Tool To Find And Extract Credentials From Phone Configuration Files Hosted On Cisco CUCM
Tuesday, September 10, 2019
Tool to find and extract credentials from phone configuration files in environments managed by Cisco's CUCM (Call Manager).
When using Cisco's CUCM (Call Manager), phone configuration files are stored on a TFTP server. These phone configuration files quite often contain sensitive data, including phone SSH/admin credentials.
There is also an issue with how some browsers autofill fields such as the SSH Username & Password fields with their CUCM credentials (commonly their AD credentials), if the administrator has saved the credentials in their browser. This issue has also been faced by administrators using password managers that automatically plug in credentials, where they found that their credentials were being automatically inputted into the SSH Username & Password fields, and then being saved (and stored in plaintext in the configuration files).
While the issue was fixed in CUCM 12.0, credentials stored in the past may still be discoverable.
The issue can be somewhat mitigated by the following actions:
- Regularly purging leaked credentials from existing configuration files.
- Blocking autosave/autofill on CUCM.
- Enabling encryption of phone configuration files. Read more on that here. Note that this doesn't completely mitigate the issue, as the encryption password could be obtained from the phones' memory or through administrative access of CUCM.
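To support the purging step above, an administrator can audit configuration files they already hold and list the phones whose SSH fields are populated. The following is an added example, not code from iCULeak or from the original page; the element names `sshUserId` and `sshPassword` are assumptions about the configuration format, and the sample configs are constructed.

```python
import xml.etree.ElementTree as ET

# Element names assumed for this example; they are not given on the page.
SSH_FIELDS = ("sshUserId", "sshPassword")

# Constructed sample configs (not real data), keyed by phone hostname.
SAMPLE_CONFIGS = {
    "SEP112233445566": "<device><sshUserId>CORP\\jsmith</sshUserId>"
                       "<sshPassword>Summer2019!</sshPassword></device>",
    "SEP665544332211": "<device><sshUserId></sshUserId>"
                       "<sshPassword></sshPassword></device>",
    "SEPAABBCCDDEEFF": "<device><fullConfig>false</fullConfig>",  # truncated
}


def audit_config(hostname, xml_text):
    """Return a finding for one config, or None if no SSH field is populated.

    Only field names are reported, never the stored values, so the audit
    output does not itself become another copy of the credentials.
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        # Truncated or encrypted files cannot be inspected; flag for review.
        return {"phone": hostname, "status": "unparseable", "fields": []}
    populated = []
    for name in SSH_FIELDS:
        if any((el.text or "").strip() for el in root.iter(name)):
            populated.append(name)
    if not populated:
        return None
    return {"phone": hostname, "status": "needs-purge", "fields": populated}


def audit_all(configs):
    """Audit every config and return findings sorted by phone hostname."""
    findings = (audit_config(h, x) for h, x in sorted(configs.items()))
    return [f for f in findings if f is not None]


if __name__ == "__main__":
    for finding in audit_all(SAMPLE_CONFIGS):
        print(finding["phone"], finding["status"], ",".join(finding["fields"]))
```

Any account named in a populated field should have its password rotated as well as being cleared from the phone's configuration, since the value was stored in plaintext.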
This tool utilises a lot of code from Dirk-jan's tool adidnsdump to extract a list of phone hostnames from ADIDNS over LDAP. To read more about the technique and tool, you can read the associated blog post. So credit goes to him for a lot of the code.
Installation
To install the tool:
git clone https://github.com/llt4l/iCULeak.py
cd iCULeak.py
pip install -r requirements.txt
Usage:
Run iCULeak.py against phones with hostnames found in the DNS zone
python iCULeak.py -u domain\\llt4l -c 10.100.1.29 10.100.1.1
Run iCULeak.py against a list of phones provided in a file
python iCULeak.py -l phones_hostnames -c 10.100.1.29 10.100.1.1
Flags:
- View the help page with -h or --help.
- Pass the username of the user that will authenticate to ADIDNS with the -u or --user flags. The user should be preceded by the user's domain, so it should look something like this: domain\\llt4l. This flag is optional if a list is passed instead.
- Pass the password to the program with the -p or --password flag. If you do not pass it as an argument, but do pass a username, then the program will prompt for a password when run.
- The IP address or hostname of the CUCM server should be passed to the program with either the -c or --cucm-server flag. If, for whatever reason, the TFTP server being used by CUCM to store phone configuration files is found on some other host, please provide that address.
- Provide a file that contains a list of phone hostnames with the -l or --list flag. The file should only be a list of phone hostnames, such that each line would look something like SEP112233445566.
- If you'd like to save the results to a CSV file, pass the -s or --save flag along with the filename to be saved to.
- By default iCULeak.py checks credentials leaked for validity in the AD. To disable authentication attempts being made to verify the leaked credentials, pass the -nA or --no-authentication flag.
- To save all the phone configuration files dumped to a directory, pass the -O or --out-dir flag, along with the name of the folder you want to save it to.
- For increased verbosity, you can pass the -v or --verbose flag.
- If the DNS entries for the phones are in a different DNS zone to the default zone of the domain you are authenticating against, you can pass the zone along with the -z or --zone flag.