πΉ [ snovvcrash, snπ₯Άvvcrπ₯sh ]
[#HackTip β] A cool technique for initial AD access during a pentest. Got a Cisco IP Phone nearby? Congrats, youβre (almost) a domain user!
#pentest #ad #cisco
π https://www.trustedsec.com/blog/seeyoucm-thief-exploiting-common-misconfigurations-in-cisco-phone-systems/
π https://www.n00py.io/2022/01/unauthenticated-dumping-of-usernames-via-cisco-unified-call-manager-cucm/
π https://github.com/llt4l/iCULeak.py
π₯ [ tweet ]
[#HackTip β] A cool technique for initial AD access during a pentest. Got a Cisco IP Phone nearby? Congrats, youβre (almost) a domain user!
#pentest #ad #cisco
π https://www.trustedsec.com/blog/seeyoucm-thief-exploiting-common-misconfigurations-in-cisco-phone-systems/
π https://www.n00py.io/2022/01/unauthenticated-dumping-of-usernames-via-cisco-unified-call-manager-cucm/
π https://github.com/llt4l/iCULeak.py
π₯ [ tweet ]
πΉ [ snovvcrash, snπ₯Άvvcrπ₯sh ]
Keep in mind when scraping usernames from a #Cisco #CUCM server with @n00py1βs cucme[.]sh or @TrustedSecβs SeeYouCM-Thief: the names can be not only within the <userName> tag but also within the <firstName> and <lastName> tags. Worth checking!
https://t.co/GGX5OeKQ3Q
π https://ppn.snovvcrash.rocks/pentest/infrastructure/networks/sip-voip#cisco-ip-phones
π₯ [ tweet ]
Keep in mind when scraping usernames from a #Cisco #CUCM server with @n00py1βs cucme[.]sh or @TrustedSecβs SeeYouCM-Thief: the names can be not only within the <userName> tag but also within the <firstName> and <lastName> tags. Worth checking!
https://t.co/GGX5OeKQ3Q
π https://ppn.snovvcrash.rocks/pentest/infrastructure/networks/sip-voip#cisco-ip-phones
π₯ [ tweet ]