Archive for the ‘hack the planet!’ Category

Automatically configuring Snom VoIP Telephones for Asterisk

Sunday, April 27th, 2008

If you configure VoIP telephones for use with the Asterisk PBX you usually have to edit at least three places: sip.conf, extensions.conf and the phone itself. I wanted a way to keep the configuration in a single place, like this:

# MAC       TelNr SIP-Username   Monitor Caller-IDs       Realname
0004132620A2 4130 pudel          4623,4629,4677,4630      Carsten Pudel
000413262E20 4110 bibo           4132,4116,4124,4131,4138 Birgit Bonrath
0004132620a7 4111 edornseif      4122,4137,4901,4611,4133 Evelyn Dornseif
00041323B063 4112 mdornseif      4110,4132,4116,4124      Dr. Dornseif

MAC is the MAC address (printed on the underside of the phone, below a barcode), TelNr is the desired extension where this phone should be reachable, and SIP-Username is the SIP user name you wish to use for this phone. Monitor Caller-IDs is the list of other phone numbers (up to 8) which should be monitored via the special buttons on the right of a Snom telephone.

The Python script snom.py reads the configuration shown above from a file called snom.txt. It then generates a lot of new configuration files:

sip-snom.conf SIP account information, usually put into sip.conf by typing #include sip-snom.conf
extensions-snom.conf Dialplan information, usually put into your extensions.conf by typing #include extensions-snom.conf in your [default] context.
extensions-intercom-snom.conf Generates a context [intercom-allsnoms] which allows you to speak a message through the loudspeakers of all your Snom phones. Include it in your extensions.conf with something like exten => 1234,1,Goto(intercom-allsnoms,s,1)
dhcpd-snom.conf Can be used by your DHCP server to give out reasonable addresses to your Snom phones
phonebook-snom.txt A phone book in Trac Wiki syntax.
snom/phonebook.xml Phone book in XML format used by Snom phones
snom/snom3x0-000413XXXXXX.htm Configuration for the phone with the MAC address 000413XXXXXX
snom/snom3x0-keys-ZZZZ.pdf Keyboard layout for the phone with extension ZZZZ. Needs ps2pdf from the Ghostscript package
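
An added example, not the author's snom.py, of the single-file approach described above: it parses the snom.txt layout, rejects rows whose fields would not be safe to write into the generated files, and emits one sip.conf entry and one dhcpd host entry per phone. The sample rows, the validation limits, the function names and the sip.conf option set are assumptions made for this illustration.

```python
import re, secrets
# Constructed sample in the snom.txt layout (made-up names; lines 4 and 5 are invalid).
SAMPLE = """\
# MAC       TelNr SIP-Username   Monitor Caller-IDs       Realname
000413AABB01 4201 alice          4202,4203                Alice Example
000413aabb02 4202 bob            4201                     Bob Example
00041GAABB03 4203 carol          4201                     Carol Example
000413AABB04 4204 dave;x         4201                     Dave Example
"""
MAC_RE = re.compile(r"[0-9A-Fa-f]{12}")
EXT_RE = re.compile(r"\d{2,6}")
USER_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

def parse_snom_txt(text):
    """Return (phones, errors); errors are (line number, reason) tuples."""
    phones, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split(None, 4)  # the real name may contain spaces
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) != 5:
            errors.append((lineno, "expected 5 columns"))
            continue
        mac, ext, user, monitor, realname = fields
        keys = monitor.split(",")
        checks = [(MAC_RE.fullmatch(mac), "bad MAC"),
                  (EXT_RE.fullmatch(ext), "bad extension"),
                  (USER_RE.fullmatch(user), "bad SIP user name"),
                  (len(keys) <= 8 and all(map(EXT_RE.fullmatch, keys)), "bad monitor list"),
                  (not re.search(r'["<>;\[\]]', realname), "bad real name")]
        failed = [reason for ok, reason in checks if not ok]
        if failed:
            errors.append((lineno, failed[0]))
        else:
            phones.append({"mac": mac.upper(), "ext": ext, "user": user,
                           "monitor": keys, "realname": realname.strip()})
    return phones, errors

def sip_stanza(phone, secret=None):  # option set is assumed, not snom.py's output
    secret = secret or secrets.token_urlsafe(12)  # fresh random SIP password
    return '[%s]\ntype=friend\nhost=dynamic\nsecret=%s\ncallerid="%s" <%s>\n' % (
        phone["user"], secret, phone["realname"], phone["ext"])

def dhcpd_host(phone):  # dhcpd.conf host entry keyed on the phone's MAC address
    mac = ":".join(phone["mac"][i:i + 2] for i in range(0, 12, 2))
    return "host snom-%s { hardware ethernet %s; }" % (phone["ext"], mac)

if __name__ == "__main__":
    phones, errors = parse_snom_txt(SAMPLE)
    print(*[sip_stanza(p) + dhcpd_host(p) for p in phones], *errors, sep="\n")
```
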

To make Snom auto-configuration ("Mass Deployment") work you need to update your phones to firmware V7. You also need a web server able to deliver the directory ./snom/. I assume the web server is available at the IP address 172.28.1.2.

Finally you need some additional files:

snom/snom3x0.htm – master configuration file

<?xml version="1.0" encoding="utf-8" ?>
<setting-files>
  <file url="http://172.28.1.2/snom/general.xml" />
  <file url="http://172.28.1.2/snom/phonebook.xml" />
  <file url="http://provisioning.snom.com/config/web_lang.xml" />
  <file url="http://provisioning.snom.com/config/gui_lang.xml" />
</setting-files>

snom/general.xml – configuration for all your phones

<?xml version="1.0" encoding="utf-8" ?>
<settings>
 <phone-settings>
  <challenge_response perm="&">off</challenge_response>
  <filter_registrar perm="&">off</filter_registrar>
  <guess_number perm="&">off</guess_number>
  <user_phone perm="&">off</user_phone>
  <silence_compression perm="&">off</silence_compression>
  <date_us_format perm="&">off</date_us_format>
  <time_24_format perm="&">on</time_24_format>
  <user_outbound idx="1" perm="$">172.28.1.2</user_outbound>
  <user_host idx="1" perm="$">172.28.1.2</user_host>
  <user_pname idx="1" perm="$"></user_pname>
  <user_active idx="1" perm="$">on</user_active>
  <user_sipusername_as_line idx="1" perm="$">on</user_sipusername_as_line>
  <ntp_server perm="$">172.28.1.2</ntp_server>
  <timezone perm="$">GER+1</timezone>
  <web_language perm="$">Deutsch</web_language>
  <language perm="$">Deutsch</language>
  <tone_scheme perm="$">GER</tone_scheme>
 </phone-settings>
</settings>

Now configure your phones to get the configuration from your web server. Either use DHCP or edit the phone's configuration at Advanced -> Update -> Setting URL:

Save, reboot and you should be done.

Now all phones

* are configured automatically
* get nice printed labels
* get an up-to-date phone book

while you yourself have only to edit a single file – snom.txt. This was tested with “Asterisk 1.2.24-BRIstuffed-0.3.0-PRE-1y-k”.

Sniffing URLs

Tuesday, August 31st, 2004

Find the URLs of HTTP requests routed through your machine with this Python snippet:

# Written for Python 2 with the pylibpcap module (pcap.pcapObject).
import pcap, time, sys

p = pcap.pcapObject()
net, mask = pcap.lookupnet("xl1")
# snaplen 1600 bytes, promiscuous mode off, 100 ms read timeout
p.open_live("xl1", 1600, 0, 100)
p.setfilter("tcp port 80 or port 8080 or port 3128", 0, 0)

# URL -> time it was last seen; used to print every URL only once
dupecache = {}

def print_deduped(data):
    if data not in dupecache:
        print(data)
        sys.stdout.flush()
    dupecache[data] = time.time()

def print_packet(pktlen, data, timestamp):
    if not data or pktlen > 1400:
        return
    # skip the minimum Ethernet (14) + IP (20) + TCP (20) header bytes
    data = data[54:]
    pos = data.find("GET")
    if pos < 0:
        pos = data.find("HEAD")
    if pos < 0:
        return
    data = data[pos:]
    l = data.split("\n")
    # the request line is "METHOD target HTTP/x.y"; keep only the target
    reqstr = l[0]
    reqstr = reqstr[reqstr.find(" ")+1:reqstr.rfind(" ")]
    host = referer = None
    for x in l:
        if x.startswith("Host: "):
            host = x[6:].strip()
        if x.startswith("Referer: "):
            referer = x[9:].strip()
    if reqstr.startswith("http://"):
        # requests sent to a proxy (ports 8080 / 3128) already carry the full URL
        url = reqstr
    elif host:
        if reqstr[:1] != "/":
            reqstr = "/%s" % reqstr
        url = "http://%s%s" % (host, reqstr)
    else:
        # no Host header in this packet, so there is no URL to build
        url = None
    # ignore images, stylesheets, scripts and flash
    if url and not reqstr.endswith((".gif", ".jpg", "css", "js", "swf")):
        print_deduped(url)
    if referer:
        print_deduped(referer)

while 1:
    p.loop(1, print_packet)

Get a list of URLs you came in contact with

Tuesday, August 31st, 2004

grep -rh http:// \
~/Library/Application\ Support/Shrook2/Channels \
~/Library/Safari/History.plist \
~/Library/Safari/Bookmarks.plist \
~/Library/Mail/Mailboxes/ \
~/Library/Application\ Support/NetNewsWire/Cache* \
| perl -npe 's|http://|\nhttp://|g;s|[ ><"#}]+|\n|g;' | \
grep http:// | sort -u -r

Insecure Programming

Wednesday, February 25th, 2004

Over at the nerxs.de wiki we have started collecting links on InsecureProgramming. Kudos to robotnik for the links on BufferOverflows.

orkut and security advisories

Saturday, February 14th, 2004

I wrote to the orkut-team the following email:

Subject: identity theft possible!

hi,

this is an advisory for a possible “hole” in the orkut
software which allows for an identity theft or identity
takeover and possible malicious actions.

since your software does not allow removal of the
account via the webinterface by a logged in user, you
made it necessary to provide username and realname
with an email to admin@orkut.com in which i may
ask for removal of my account.

given that my friendlist mostly consists of people
i personally know, it's quite likely i know their username
(as most people pick nicknames, handles or whatever for
their username). orkut does not really make clear how
important it is that nobody knows your username, so many
people think of it as “nickname” first.

now, following scenario is easily creatable:

someone logs into orkut and chooses “larry” as his username
his realname being “larry laffer”. he is a friend of mine,
or at least i know him, so i know that in other communities
and on IM or Chat he uses “larry” as a pseudonym.
i now write a mail to admin@orkut.com with a faked envelope-from header, showing his email-address (if even checked by your staff),
and ask for removal with a wild guess of username “larry” and
realname “larry laffer”. this will, ultimately, lead to removal
of his account, giving free both his username AND realname.

now i sign up as “larry laffer” with a username of “larry012423”
and upload his picture (which most likely will be around on
the web, or i have saved it before asking for removal), join
his communities, add his friends and WOOSH! i am him.
now, even if he will be back in the community he will be
having a hard time convincing people he is who he says he is,
and i can do whatever i want with his identity. think up what
fun that may be :)

fix:

allow removal of the account via web-interface only by a
logged in user. or, as a quickfix, by message via orkut
from the logged in user. this at least needs a password
of the account.

furthermore:

because of the above problems:
please change my username “oldusername” to “newusername”, my
realname is “My Realname”. notify me of taken action via
email to this address, thanks!

greets,
stephan

trickle – userspace bandwidth shaper

Friday, August 22nd, 2003

What an übercool hack! trickle is a userspace-based traffic shaper. It just redirects the socket-related library functions to allow shaping of the bandwidth usage of single applications. All this is done without root privileges. Wow!

trollcheck

Thursday, August 21st, 2003

The EFFBOT came up with a Python script to automatically identify Usenet trolls. Nifty hack.

HTTP / XMLRPC debug proxy

Saturday, July 26th, 2003

Nice tool for debugging third-party XML-RPC tools (in this case Kung-Log and antville)

http://www.myelin.co.nz/notes/xmlrpc-debug-proxy.html

Why our Rendezvous tunneling experiments failed

Wednesday, July 16th, 2003

We hacked so hard and pulled all kinds of IP tricks, but now I read on a mailing list:

the mDNSResponder will anyway ignore any
incoming packet that has a time-to-live < 255.

So we have to compile stealth forwarding into our routers’ kernels.