Skip to content

A tool that serves as a Proof of Concept for the research I presented at DEF CON 26, "Compromising online accounts by cracking voicemail systems"

Notifications You must be signed in to change notification settings

martinvigo/voicemailautomator

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 

Repository files navigation

voicemailautomator

voicemailautomator is a tool that serves as a Proof of Concept for the research I presented at DEF CON 26, "Compromising online accounts by cracking voicemail systems".

For details and demos please check: https://www.martinvigo.com/voicemailcracker

Basic info

voicemailautomator supports two actions:

  • "message" - retrieves and records the newest message in the voicemail system. It returns a URL with the recording.
  • "greeting" - changes the greeting message to specific DTMF tones

It uses webhooks to obtain information about the ongoing calls and act accordingly. It starts a Webserver on localhost:8080 and uses localhost.me service to reach the machine running the script.

Setup

You will need a funded Twilio account, setup TwiML bins and configure localtunnel.me to accept Webhooks. Check the "Twilio setup" section in the script and add the missing information

account_sid = "" # Obtain from Twilio
auth_token = "" # Obtain from Twilio
twimlPayloadChangeGreeting = "" # <?xml version="1.0" encoding="UTF-8"?><Response><Pause length="10"/><Hangup/></Response>
twimlPayloadChangeGetNewestMessage = "" # <?xml version="1.0" encoding="UTF-8"?><Response><Pause length="10"/><Hangup/></Response>
status_callback_url = "" # Obtain from localtunnel.me

Usage

python voicemailcracker.py message --victimnumber 5555555555 --carrier tmobile --callerid 4444444444 --backdoornumber 3333333333 --pin 0000
python voicemailcracker.py greeting --victimnumber 5555555555 --carrier tmobile --callerid 4444444444 --backdoornumber 3333333333 --pin 0000 --payload 1234

Demo videos

Bruteforcing a voicemail PIN with voicemailcracker

Bruteforcing a voicemail PIN with voicemailcracker

Compromising Signal with voicemailcracker

Compromising Signal with voicemailcracker

Compromising Paypal with voicemailcracker

Compromising Paypal with voicemailcracker

Tool presentation at DEF CON 26

Tool presentation at DEF CON 26

Authors

Martin Vigo - @martin_vigo - martinvigo.com

About

A tool that serves as a Proof of Concept for the research I presented at DEF CON 26, "Compromising online accounts by cracking voicemail systems"

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages