rename SRTP decryption tool; added single password check to SIPBrute

Author: MoritzAbrell

README.md

@@ -17,7 +17,7 @@ Read the Installation Guide in the [wiki](https://github.com/SySS-Research/WireB
 
 - SaCLaC: This includes two python programs. One for spoofing fake LLDP-MED packets to getting into VoIP VLAN or trigger a DoS by instruct the client to set a VLAN-Tag and one to analyze CDP Information of a PCAP File. 
 
-- DecodeSRTP: This script makes it easy to use the [Cisco Systems' SRTP library](https://github.com/cisco/libsrtp) for decrypting a SRTP-SDES Stream if the AES-Key was extracted from the signalling part.
+- DecryptSRTP: This script makes it easy to use the [Cisco Systems' SRTP library](https://github.com/cisco/libsrtp) for decrypting a SRTP-SDES Stream if the AES-Key was extracted from the signalling part.
 
 - CrackTheSIP: A simple brute force tool for cracking SIP digest authentication by using a word list.  
 
@@ -76,10 +76,10 @@ wizard > help
 
 Documented commands (type help <topic>):
 ========================================
-bridge      evilstun  lldpspoof       sipcrack     timeshift    
-cdpanalyze  exit      rtpaudioinject  sipdiscover  vlanenum     
-clear       help      rtpfuzz         sipenum      zrtpdowngrade
-decodesrtp  lldpdos   sipbrute        sipfuzz
+bridge       evilstun  lldpspoof       sipcrack     timeshift
+cdpanalyze   exit      rtpaudioinject  sipdiscover  vlanenum
+clear        help      rtpfuzz         sipenum      zrtpdowngrade
+decryptsrtp  lldpdos   sipbrute        sipfuzz
 ```
 
 ## Sample Usage Video

classes.py

@@ -105,16 +105,16 @@ def do_lldpdos(self, inp):
             print("Please set a valid mode")
 
 
-    def do_decodesrtp(self, inp):
+    def do_decryptsrtp(self, inp):
         '''If you have the AES key from the SDP crypto attribute of the signaling part, you can decrypt the SRTP-SDES stream with this tool'''
-        tool_folder = "DecodeSRTP"
+        tool_folder = "DecryptSRTP"
         print("If you have the AES key from the SDP crypto attribute of the signaling part, you can decrypt the SRTP-SDES stream with this tool")
         print("Sniff the RTP Stream and extract only the RTP part in a separate PCAP file")
-        decodesrtp_keysize = input("Enter the keysize <128> or <256> [128]: ") or "128"
-        decodesrtp_key = input("Enter the AES key base64 encoded: ")
-        decodesrtp_infile = input("Enter the infile containing the extracted RTP stream: ")
-        decodesrtp_outfile = input("Enter the outfile (if nothing is set the file is stored under ./tools/DecodeSRTP/): ")
-        run_tool(tool_folder, f"decodesrtp.sh {decodesrtp_keysize} {decodesrtp_key} {decodesrtp_infile} {decodesrtp_outfile}")
+        decryptsrtp_keysize = input("Enter the keysize <128> or <256> [128]: ") or "128"
+        decryptsrtp_key = input("Enter the AES key base64 encoded: ")
+        decryptsrtp_infile = input("Enter the infile containing the extracted RTP stream: ")
+        decryptsrtp_outfile = input("Enter the outfile (if nothing is set the file is stored under ./tools/DeccryptSRTP/): ")
+        run_tool(tool_folder, f"decryptsrtp.sh {decryptsrtp_keysize} {decryptsrtp_key} {decryptsrtp_infile} {decryptsrtp_outfile}")
 
 
     def do_cdpanalyze(self, inp):

configure.sh

@@ -1,10 +1,10 @@
 #!/bin/bash
 
 getlib(){
-    wget -P ./tools/DecodeSRTP/ https://github.com/cisco/libsrtp/archive/master.zip
-    unzip -d ./tools/DecodeSRTP/ ./tools/DecodeSRTP/master.zip
-    rm ./tools/DecodeSRTP/master.zip 
-    cd ./tools/DecodeSRTP/libsrtp-master && ./configure
+    wget -P ./tools/DecryptSRTP/ https://github.com/cisco/libsrtp/archive/master.zip
+    unzip -d ./tools/DecryptSRTP/ ./tools/DecryptSRTP/master.zip
+    rm ./tools/DecryptSRTP/master.zip 
+    cd ./tools/DecryptSRTP/libsrtp-master && ./configure
     make
     exit 1
 }

tools/DecodeSRTP/decodesrtp.sh renamed to tools/DecryptSRTP/decryptsrtp.sh

@@ -9,7 +9,7 @@ outfile=$4
 
 if [ -z "$keysize" ]||[ -z "$key" ]||[ -z "$infile" ];then
 
-	echo "Usage: ./decodesrtp.sh <key size> <key base64 encoded> <infile pcap> <(optional) outfile>"
+	echo "Usage: ./decryptsrtp.sh <key size> <key base64 encoded> <infile pcap> <(optional) outfile>"
 	echo ""
 	echo ""
 	echo "key size	=	use encryption (use 128 or 256 for key size)"

tools/RTPAudioInjection/rtpaudioinject.py

@@ -106,12 +106,12 @@ def send_packet(i, payload, time):
         filelen = len(byte)
         x = 0
         while x < filelen:
-            y = x+700
+            y = x+160
             payload = bytearray(byte[x:y])
             send_packet(i, payload, time)
             i+=1
-            time+=700
-            x+=700
+            time+=160
+            x+=160
 
 
 

tools/SIPBrute/sipbrute.py

@@ -88,6 +88,15 @@
     help="The username for password brute force"
 )
 
+parser.add_argument(
+    '--pw',
+    dest="PASSWORD",
+    type=str,
+    default=None,
+    help="The password to test. If a password is given, the wordlist parameter will be ignored."
+)
+
+
 parser.add_argument(
     '-v',
     action='store_true',
@@ -180,7 +189,7 @@ def calc_auth(response, password, callid, branch):
 
 
 def get_results(response):
-
+    
     if bytes('401 Unauthorized', 'utf-8') in response:
         return("401")
 
@@ -197,13 +206,17 @@ def get_results(response):
         return("403")
 
     else:
-        print("\033[1;34m[*]\033[0m Unexpected response")
+        print("\033[1;31m[!]\033[0m Unexpected response. Exiting ...")
         sys.exit(0)
 
 
 def main():
 
-    lines = [line.rstrip('\n') for line in open(args.WORDLIST)]
+    if args.PASSWORD is None:
+        lines = [line.rstrip('\n') for line in open(args.WORDLIST)]
+    else:
+        lines = []
+        lines.append(args.PASSWORD)
 
     i = 0
 
@@ -259,6 +272,8 @@ def main():
 
                 else:
                     sock.close()
+                    print("\033[1;31m[!]\033[0m Unexpected response. Exiting ...")
+                    sys.exit(0)
 
             except (KeyboardInterrupt):
                 print("\033[1;34m[*]\033[0m User interruption. Exiting ...")

tools/SIPDiscover/sipdiscover.py

@@ -133,7 +133,7 @@ def main():
             elif args.PROTOCOL == "tls": 
                 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                 sock = ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_TLSv1_2, keyfile=args.KEY, certfile=args.CRT)
-
+            
             else:
                 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
 
@@ -204,8 +204,12 @@ def main():
 
         except (KeyboardInterrupt):
             print("\033[1;34m[*]\033[0m User interruption. Exiting ...")
+            sock.close()
             sys.exit(0)
 
+        except:
+            sock.close()
+ 
 
 if __name__ == "__main__":
     main()

tools/VlanEnum/dhclient.conf

@@ -10,7 +10,7 @@ timeout 3;
 initial-interval 1;
 
 lease {
-  interface "eth0.1";
+  interface "eth0.120";
   fixed-address 169.254.0.1;
   option subnet-mask 255.255.255.254;
   renew  0 2000/01/01 00:00:01; # but force immediate renewal to return to DHCP server when coming back online