IAXAuthJack

IAXAuthJack is a tool used to actively perform an authentication downgrade attack and force an endpoint to reveal its password in plaintext over the network. It performs this attack by sniffing the network for traffic indicating that a registration is taking place, and then injecting a REGAUTH specifying that the endpoint should authenticate in plaintext rather then MD5 or RSA.

Prerequisites: Linux/Python
Downloads: IAXAuthJack

WORK WITH iSEC PARTNERS

iSEC Partners is always looking to expand its team of experienced technical professionals and continue to provide best-of-breed security solutions to its Fortune-100 customers.

If you are an experienced security researcher, developer, or consultant, please send an ASCII, PDF, or HTML resume to:

careers@isecpartners.com

IAXAuthJack

WORK WITH iSEC PARTNERS

BOOKS & WHITEPAPERS

Secure Session Management With Cookies for Web Applications

Command Injection in XML Signatures and Encryption

Hacking VoIP

CUSTOM TOOLS