Calling it a 0-Day - Hacking at PBX/UC Systems

Presented at DEF CON 31 (2023), Aug. 12, 2023, 10:30 a.m. (45 minutes)

PBX (Private Branch Exchange) and UC (Unified Communications) servers are the big communication brokers in enterprise environments where they love on-prem. They do everything to enable internal and external communications including voice, video, conferencing and messaging. But a broader scope also means a broader attack surface. In this talk, we'll give an overview PBX/UC systems, what kind of attack surface they have, as well as several bugs that we recently found in two popular PBX/UC products. The journey includes deep-diving Java's Runtime.exec(), decrypting encrypted PHP, bypassing license restrictions, pretending to be a phone, and (of course) getting some shells. REFERENCES: * VoIP Wars: Attack of the Cisco Phones (DEF CON 22, Fatih Ozavci) * Hacking VoIP Exposed (Black Hat USA 2006, David Endler, Mark Collier)

Presenters:

• good_pseudonym

Links:

• https://forum.defcon.org/node/245709

Similar Presentations:

• HushCon East 2019 / Case study in abusing modern VoIP PBX systems
• DEF CON 20 (2012) / The End of the PSTN As You Know It
• Black Hat USA 2016 / VOIP WARS: The Phreakers Awaken