Lesson 1: Expectations And Reality

IVR Applications are Unaudited because they are Considered Safe

No Firewalls, CAPTCHA or security systems in place for IVR Applications

Fingerprinting Internal Servers:

Triggering Errors | Vulnerable Programs | Automating it

Input Validation Attacks

Grammar Files | Potential SQL Injection | Vulnerable Programs

Potential Buffer Overflow in CGI

DTMF, Voice Fuzzing | Vulnerable Applications | Alphanumeric Payload, Crashing An Internal Server

Fingerprinting Internal Servers


Triggering Errors...


  1. If we could trigger error messages on internal servers, the text-to-speech (TTS) machine would read out the error.
  2. We could automate this part (our tool).

Fingerprinting Internal Servers

Demo Application

Demo Video

SQL Injection via Telephone Line






Lesson 2: What did we learn?

  1. Grammar files: does the input match?
  2. No, "suresh" does not work; you need to say "solace".
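
The two points above (backend errors being read out by the TTS engine, and grammar matching of caller input) suggest the matching server-side controls. This is an added example, not code from the presentation: the six-digit account grammar, the `accounts` table, the prompt strings and the function names are all assumptions made for illustration.

```python
import logging
import re
import sqlite3
import uuid

log = logging.getLogger("ivr")

# Assumed grammar: an account number is exactly six DTMF digits.
# [0-9] is used instead of \d so Unicode digits are not accepted.
ACCOUNT_GRAMMAR = re.compile(r"[0-9]{6}")
GENERIC_PROMPT = "Sorry, we could not complete your request."
REJECT_PROMPT = "That entry was not recognised. Please try again."


def make_demo_db():
    """Constructed sample backend: in-memory table with one account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id TEXT PRIMARY KEY, balance INTEGER)")
    db.execute("INSERT INTO accounts VALUES ('123456', 250)")
    return db


def balance_prompt(db, caller_input):
    """Return the text handed to the TTS engine for one caller turn."""
    # 1) Re-check the grammar on the server: the whole input must match,
    #    so quotes, letters or over-long strings never reach the query.
    if not ACCOUNT_GRAMMAR.fullmatch(caller_input):
        return REJECT_PROMPT
    try:
        # 2) Bound parameter: the input is data, never part of the SQL text.
        row = db.execute(
            "SELECT balance FROM accounts WHERE id = ?", (caller_input,)
        ).fetchone()
    except sqlite3.Error:
        # 3) Details go to the log under a reference id; the caller only
        #    hears a fixed prompt, so the TTS engine cannot read out
        #    driver, table or server names.
        log.exception("backend error ref=%s", uuid.uuid4().hex[:8])
        return GENERIC_PROMPT
    if row is None:
        return REJECT_PROMPT
    return f"Your balance is {row[0]} dollars."
```
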