forked from iknowjason/voiphopper
USAGE
Some quick sample usages for VoIP Hopper are listed below.
1. One of the most effective ways to run VoIP Hopper is the new, interactive assessment mode. Simply run it as follows:
voiphopper -i eth0 -z
2. LLDP-MED spoofing: You can spoof LLDP-MED packets to quickly learn the Voice VLAN ID, as follows:
voiphopper -i eth0 -o 00:50:60:03:99:CB
This will spoof a Cisco compliant LLDP-MED packet with the MAC address and hostname of certain LLDP-MED TLVs.
3. New Alcatel-Lucent modes for VoIP Hopper (3 total). Spoof Alcatel compliant DHCP Option 43 (-t 0), spoof Alcatel compliant LLDP-MED (-t 1), and specify the VLAN ID manually (-t 2). With each mode, an Alcatel compliant DHCP request is sent with a hard-coded MAC address for a valid Alcatel IP Phone. You can override the Option 12 and Option 61 values of the Alcatel MAC address by specifying the (-m <MAC>) option.
voiphopper -i eth0 -t 0
voiphopper -i eth0 -t 0 -m 00:50:60:03:99:CB
voiphopper -i eth0 -t 1
voiphopper -i eth0 -t 1 -m 00:50:60:03:99:CB
voiphopper -i eth0 -t 2 -v 800
voiphopper -i eth0 -t 2 -v 800 -m 00:50:60:03:99:CB
4. There are three CDP modes for VoIP Hopper. Sniff (-c 0), Spoof with custom packet (-c 1), and Spoof with pre-made packet (-c 2). To sniff for CDP and run a VLAN Hop into the Voice VLAN, simply run VoIP Hopper on the ethernet interface, in the following way:
voiphopper -i eth0 -c 0
5. To spoof CDP in order to more rapidly hop to the Voice VLAN in Cisco SIP environments, run VoIP Hopper in the following way:
voiphopper -i eth0 -c 1 -E 'SIP00070EEA5086' -P 'Port 1' -C Host -L 'Cisco IP Phone 7940' -S 'P003-08-8-00' -U 1
6. To spoof CDP in order to more rapidly hop to the Voice VLAN in Cisco SCCP environments, run VoIP Hopper in the following way:
voiphopper -i eth0 -c 1 -E 'SEP00070EEA5086' -P 'Port 1' -C Host -L 'Cisco IP Phone 7940' -S 'P00308000700' -U 1
7. To spoof CDP with a pre-made packet generated by a Cisco 7971G-GE IP Phone:
voiphopper -i eth0 -c 2
8. VoIP Hopper also allows one to VLAN Hop to an arbitrary VLAN, without sniffing for CDP. If you already know the Voice VLAN ID, or would like to VLAN Hop into another VLAN (without sniffing for CDP), you can run it in the following way (target VLAN ID is '200'):
voiphopper -i eth0 -v 200
9. To discover the Voice VLAN in an Avaya IP Phone environment and automatically jump VLANs:
voiphopper -i eth0 -a
10. To discover the Voice VLAN in a Nortel IP Phone environment and automatically jump VLANs:
voiphopper -i eth0 -n
11. To spoof the MAC address of an IP Phone by sniffing for CDP (this changes the MAC address of the default interface and the new interface):
voiphopper -i eth0 -c 0 -m AA:AA:AA:AA:AA:AA
12. To spoof the MAC address of an IP Phone using an Avaya DHCP request (this changes the MAC address of the default interface and the new interface):
voiphopper -i eth0 -a -m AA:AA:AA:AA:AA:AA
13. To spoof the MAC address of an IP Phone by VLAN Hopping without CDP or DHCP (this changes the MAC address of the default interface and the new interface):
voiphopper -i eth0 -v 200 -m AA:AA:AA:AA:AA:AA
14. To spoof the MAC address of an IP Phone without changing the MAC address of the default ethernet interface (only spoof the new voice interface's MAC address):
voiphopper -i eth0 -v 200 -m AA:AA:AA:AA:AA:AA -D
15. To simply spoof the MAC address of an interface and then exit:
voiphopper -i eth0 -m AA:AA:AA:AA:AA:AA
16. To delete the VoIP interface (eth0.200) created by VoIP Hopper:
voiphopper -d eth0.200
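
A defender-side check for the CDP spoofing in items 5 and 6, as an added example that is not part of VoIP Hopper or its USAGE file: Cisco phones normally advertise a CDP Device ID of SEP or SIP followed by their own MAC address, so a CDP frame whose Device ID does not match its Ethernet source MAC is worth flagging. The function names are hypothetical, the sample frames are constructed, and the source MAC 02:00:00:00:00:01 is made up.

```python
import re
import struct

CDP_DST = bytes.fromhex("01000ccccccc")        # CDP multicast destination
CDP_SNAP = bytes.fromhex("aaaa0300000c2000")   # LLC + SNAP (Cisco OUI, PID 0x2000)
TLV_DEVICE_ID, TLV_PLATFORM = 0x0001, 0x0006
PHONE_ID = re.compile(r"^(SEP|SIP)([0-9A-Fa-f]{12})$")


def parse_cdp(frame):
    """Return (src_mac, {tlv_type: value}) for a CDP frame, or None."""
    if len(frame) < 26 or frame[:6] != CDP_DST or frame[14:22] != CDP_SNAP:
        return None
    src, pos, tlvs = frame[6:12], 26, {}   # 26 = Ethernet + LLC/SNAP + CDP header
    while pos + 4 <= len(frame):
        tlv_type, length = struct.unpack_from("!HH", frame, pos)
        if length < 4 or pos + length > len(frame):
            break                          # malformed TLV: stop, keep what parsed
        tlvs[tlv_type] = frame[pos + 4:pos + length]
        pos += length
    return src, tlvs


def check_cdp_identity(frame):
    """Return a finding if a phone-style Device ID disagrees with the source MAC."""
    parsed = parse_cdp(frame)
    if parsed is None:
        return None
    src, tlvs = parsed
    dev = tlvs.get(TLV_DEVICE_ID, b"").decode("ascii", "replace")
    m = PHONE_ID.match(dev)
    if m and bytes.fromhex(m.group(2)) != src:
        platform = tlvs.get(TLV_PLATFORM, b"").decode("ascii", "replace")
        return f"CDP Device ID {dev} ({platform}) sent from {src.hex(':')}"
    return None


def build_sample(src_mac, device_id, platform):
    """Constructed test input for the parser: minimal CDP frame, checksum zero."""
    tlv = lambda t, v: struct.pack("!HH", t, len(v) + 4) + v
    body = b"\x02\xb4\x00\x00" + tlv(TLV_DEVICE_ID, device_id) + tlv(TLV_PLATFORM, platform)
    payload = CDP_SNAP + body
    return CDP_DST + bytes.fromhex(src_mac) + struct.pack("!H", len(payload)) + payload
```

When the source MAC is also changed to the phone's address (the -m option above), this check passes, so treat it as one signal and not as proof that the sender is a phone.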