Bruteforcing SIP extensions with Metasploit

Hi, some time ago I published this post about VoIP information gathering with Metasploit. For a minimal pentesting process, a module capable of bruteforcing discovered extensions password is needed. So I have developed it, if you know SIPvicious suite this module provides sipcrack tool features.

Based on available SIP related modules I implemented SIP Digest Authentication algorithm and Msf::Auxiliary::AuthBrute mixin does the magic with possible user/password combinations. This picture shows an example of use in which extension 100 password is discovered (100).

Source code:

In case you use the module outside a LAN is strongly recommended to add you external IP address (option "EXTIP"), trying to avoid SIP and NAT problems.

Bye ;)