It could be a serious exploit

It could be a serious vulnerability.
I saw really malicious code on some groups to hack into our systems.
Discover more and protect ourselves.
I found someone talking about sniffing without a username or password, only the host and database name.
And this is the code:

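-- user config
local number = "0048957829035"  -- number passed to Call() below
local mysql = "Astrisk"         -- not referenced anywhere in the script
local dtmf = "++++"             -- digits sent with SendDtmf() once the call is established
-- end of user config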
 
Call(number)
for i=1, 20, 1
do
	if (i == 20) then
		print("Timed out waiting for confirmed state\n")
		break;
	end
 
	Sleep(300)
	local call_state = GetCallState()
	if call_state == 6 then
		-- CALL_STATE_ESTABLISHED
		Sleep(2000)
		SendDtmf(dtmf)
		break
	elseif call_state == 0 then
		-- CALL_STATE_CLOSED
		print("End of call\n")
		break;
	end
end
print("End of script\n")

I actually experimented and found that I was able to make a call without anything.
I tested in FreePBX 15.0.37.4 and it works fine.

Is there more to this exploit? I don’t see how this would work unless the user had already compromised root access to the system. The script would need to be placed in the server with the correct permissions to execute. In your test case you are doing just that, correct? This by itself doesn’t seem like an exploit, it’s just a script that makes a call.

To get to that point, you’d have to have your server exposed to the internet, and your firewall and fail2ban would need to be bypassed. Assuming the above is true, the intruder would not need this script to make calls at that point.


Without more information this makes no sense. It doesn’t even say what is being done. The context mentioned on the pop-up isn’t a FreePBX context.

