freepbx

VoIP服务器曝重大漏洞,黑客可以绕过管理员身份

情到浓时终转凉″ 提交于 2020-11-06 08:21:59
PBX是专用小交换机的缩写,是一种交换系统,用于建立和控制电信端点之间的电话呼叫,例如常规电话机,公用电话交换网(PSTN)上的目的地以及基于Internet协议的语音的设备或服务(VoIP)网络。 据东方联盟安全组织的研究发现,该攻击利用了CVE-2019-19006(CVSS评分9.8)这一严重漏洞,影响了FreePBX和PBXact的管理员Web界面,潜在地允许未经授权的用户通过将特制数据包发送到系统来获得管理员对系统的访问权限。 远程管理员身份验证绕过漏洞影响FreePBX版本15.0.16.26及以下,14.0.13.11及以下以及13.0.197.13及以下,并于2019年11月修复。 东方联盟研究人员指出:“攻击始于SIPVicious,一种流行的工具套件,用于审核基于SIP的VoIP系统。” “攻击者使用'svmapmodule'扫描Internet以查找运行易受攻击的FreePBX版本的SIP系统。一旦发现,攻击者便利用CVE-2019-19006来获得对该系统的管理员访问权限。” 在一个攻击流程中,发现一个初始的PHP Web Shell被用来获取FreePBX系统的数据库和不同SIP扩展名的密码,从而使攻击者可以不受限制地访问整个系统,并且可以从每个扩展名进行呼叫。 在第二个版本的攻击中,最初的Web Shell被用于下载base64编码的PHP文件

SIP trunk config文件

杀马特。学长 韩版系。学妹 提交于 2019-12-25 16:24:43
【推荐】2019 Java 开发者跳槽指南.pdf(吐血整理) >>> [General Settings]中 Maximum Channels 设置为CTS提供SIP Trunk的并发数量 [Outgoing Settings]中设置 PEER Details 为如下内容: username=12345678 (CTS提供的SIP Trunk配置号码) type=friend secret=xxxxxxxxxxxx (CTS提供的SIP Trunk配置密码) qualify=yes port=5060 nat=yes insecure=very host=voip.cts.sh.cn fromuser=12345678 (CTS提供的SIP Trunk配置号码) fromdomain=voip.cts.sh.cn dtmfmode=rfc2833 disallow=all context=from-trunk canreinvite=yes allow=gsm&ulaw&alaw&g729&ilbc [Incoming Settings]中设置 USER Details 为如下内容:(如果仅申请呼出号码无需填写) username=12345678 (CTS提供的SIP Trunk配置号码) type=friend secret=xxxxxxxxxxxx (CTS提供的SIP

SIP Trunk / SIP 中继服务

风流意气都作罢 提交于 2019-12-25 16:01:35
【推荐】2019 Java 开发者跳槽指南.pdf(吐血整理) >>> CTS SIP Trunk/SIP中继可以让你现有的IPPBX连接到CTS的平台从而使用VOIP外线落地。享受拨打全国统一资费0.09元,多路中继号码,可接听电话。如果你已经有了IPPBX系统,使用CTS SIP Trunk企业级VOIP中继/SIP中继话务服务,可以让你在外呼电话时节省更多的钱 ,让您的VOIP系统对内对外都实现真正的 Over IP。使用CTS SIP Trunk/SIP中继无需硬件语音板卡,无需电话线路,只需一条网线,架设从内部分机到外呼电话的完全 VOIP 系统。不限企业地域,全国均可使用。如需办理请电话咨询:4008290998. 备注:使用CTS SIP Trunk服务,几乎任何的现有IPPBX均可以直接配置使用,无需任何硬件设备, 仅需支持SIP协议即可。例如:FreePBX,Asterisk,FreeSwitch,Trixbox,PBX IN A Flash,Elastix,3CX,AVAYA,Lync等等。 来源: oschina 链接: https://my.oschina.net/u/1452491/blog/200550

Should a SIM Card and Cell Phone Produce an Authorization Response after Recieving “401 Unauthorized”?

醉酒当歌 提交于 2019-12-25 11:13:54
问题 I am trying to use FreePBX 13 (a GUI version of Asterisk) to create a mock VoLTE network with our cellphones (an iPhone 6S+ and an LG G3 VS985). FreePBX has been set up as such: FreePBXForums: Using FreePBX 13 with a Mock Cellular Network At the moment, we are able to register and make calls with computer clients, but the UEs (aka the cellphones) fail to register because of a "realm" mismatch among other things. Because of this I have a couple questions: If a client (even a UE) recieves a 401

FreePBX add a new SIP extension

前提是你 提交于 2019-12-24 05:35:54
问题 I've successfully built VoIP server with FreePBX Asterisk. It works fine when I register a user on FreePBX. However, I would like to register a SIP account from mobile device directly. I found out that I can add custom information into FreePBX MySQL database. However, it doesn't work either, and I couldn't find a place to insert SIP password.. Someone said that I need to do something with /var/www/html/admin/functions.inc.php file. Is there better way to create a new SIP extension from

Calling a PHP script using FreePBX and Asterisk

隐身守侯 提交于 2019-12-01 13:30:06
So I have a VOIP system set up through a FreePBX server. I want to have it so that when a new call is picked up by FreePBX, asterisks will send the caller ID and the call ID to a php script, which will then use that information to gather ticket information for the account related to that caller ID. It will then update a database with the found information. When a user answers the phone, I then want to send the user's extension and the call ID to another php script and update the database with the new information. I have looked into PHPARI, but the documentation is lacking for me. I just need

Calling a PHP script using FreePBX and Asterisk

与世无争的帅哥 提交于 2019-12-01 10:47:45
问题 So I have a VOIP system set up through a FreePBX server. I want to have it so that when a new call is picked up by FreePBX, asterisks will send the caller ID and the call ID to a php script, which will then use that information to gather ticket information for the account related to that caller ID. It will then update a database with the found information. When a user answers the phone, I then want to send the user's extension and the call ID to another php script and update the database with