• Stars
    star
    152
  • Rank 244,685 (Top 5 %)
  • Language
    Python
  • Created over 6 years ago
  • Updated almost 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A tool that serves as a Proof of Concept for the research I presented at DEF CON 26, "Compromising online accounts by cracking voicemail systems"

voicemailautomator

voicemailautomator is a tool that serves as a Proof of Concept for the research I presented at DEF CON 26, "Compromising online accounts by cracking voicemail systems".

For details and demos please check: https://www.martinvigo.com/voicemailcracker

Basic info

voicemailautomator supports two actions:

  • "message" - retrieves and records the newest message in the voicemail system. It returns a URL with the recording.
  • "greeting" - changes the greeting message to specific DTMF tones

It uses webhooks to obtain information about the ongoing calls and act accordingly. It starts a Webserver on localhost:8080 and uses localhost.me service to reach the machine running the script.

Setup

You will need a funded Twilio account, setup TwiML bins and configure localtunnel.me to accept Webhooks. Check the "Twilio setup" section in the script and add the missing information

account_sid = "" # Obtain from Twilio
auth_token = "" # Obtain from Twilio
twimlPayloadChangeGreeting = "" # <?xml version="1.0" encoding="UTF-8"?><Response><Pause length="10"/><Hangup/></Response>
twimlPayloadChangeGetNewestMessage = "" # <?xml version="1.0" encoding="UTF-8"?><Response><Pause length="10"/><Hangup/></Response>
status_callback_url = "" # Obtain from localtunnel.me

Usage

python voicemailcracker.py message --victimnumber 5555555555 --carrier tmobile --callerid 4444444444 --backdoornumber 3333333333 --pin 0000
python voicemailcracker.py greeting --victimnumber 5555555555 --carrier tmobile --callerid 4444444444 --backdoornumber 3333333333 --pin 0000 --payload 1234

Demo videos

Bruteforcing a voicemail PIN with voicemailcracker

Bruteforcing a voicemail PIN with voicemailcracker

Compromising Signal with voicemailcracker

Compromising Signal with voicemailcracker

Compromising Paypal with voicemailcracker

Compromising Paypal with voicemailcracker

Tool presentation at DEF CON 26

Tool presentation at DEF CON 26

Authors

Martin Vigo - @martin_vigo - martinvigo.com