Testing out Incredible PBX for Asterisk-GUI

JaredBusch

So I installed Incredible PBX for Asterisk-GUI. Someone want to run some pen-test stuff against this thing?

It is on a CloudatCost Dev 2 host. I have done zero securing beyond yum -y update for patches.
Then followed the default process to install the Incredible PBX for Asterisk-GUI and changed the default GUI password on first login.

No trunks setup or anything just in case.

Here is the IP: 104.167.111.187

JaredBusch

A basic pentest-tools.com scan returned pretty much as I would expect.

Starting job... [2015-02-24 01:52:57]             Stay on this page for results!

Starting Nmap 6.00 ( http://nmap.org ) at 2015-02-24 03:52 EET 
Initiating Ping Scan at 03:52 
Scanning 104.167.111.187 [4 ports] 
Completed Ping Scan at 03:52, 0.12s elapsed (1 total hosts) 
Initiating SYN Stealth Scan at 03:52 
Scanning 104.167.111.187 [22 ports] 
Completed SYN Stealth Scan at 03:53, 1.84s elapsed (22 total ports) 
Initiating OS detection (try #1) against 104.167.111.187 
Retrying OS detection (try #2) against 104.167.111.187 
Initiating Traceroute at 03:53 
Completed Traceroute at 03:53, 0.11s elapsed 

Nmap scan report for 104.167.111.187 
Host is up (0.091s latency). 

PORT STATE SERVICE 
21/tcp filtered ftp 
22/tcp filtered ssh 
23/tcp filtered telnet 
25/tcp filtered smtp 
80/tcp filtered http 
110/tcp filtered pop3 
143/tcp filtered imap 
179/tcp filtered bgp 
443/tcp filtered https 
465/tcp filtered smtps 
993/tcp filtered imaps 
995/tcp filtered pop3s 
1433/tcp filtered ms-sql-s 
1720/tcp filtered H.323/Q.931 
1723/tcp closed pptp 
3306/tcp filtered mysql 
3389/tcp filtered ms-wbt-server 
5060/tcp filtered sip 
5900/tcp filtered vnc 
8000/tcp filtered http-alt 
8080/tcp filtered http-proxy 
8443/tcp filtered https-alt 
Too many fingerprints match this host to give specific OS details 
Network Distance: 13 hops 


TRACEROUTE (using port 80/tcp) 
HOP RTT ADDRESS 
1 0.44 ms router1-lon.linode.com (212.111.33.229) 
2 1.19 ms 212.111.33.233 
3 0.86 ms te2-7.ccr01.lon07.atlas.cogentco.com (149.11.30.61) 
4 1.19 ms te0-7-0-32.ccr21.lon01.atlas.cogentco.com (130.117.1.177) 
5 1.71 ms be2494.ccr42.lon13.atlas.cogentco.com (154.54.39.130) 
6 85.35 ms be2489.ccr42.par01.atlas.cogentco.com (154.54.39.114) 
7 77.82 ms be2094.ccr41.jfk02.atlas.cogentco.com (154.54.30.13) 
8 79.36 ms be2106.ccr21.alb02.atlas.cogentco.com (154.54.3.50) 
9 85.22 ms te0-0-2-0.rcr12.b011027-3.yyz02.atlas.cogentco.com (154.54.43.86) 
10 84.17 ms 38.122.70.210 
11 95.96 ms be2437.ccr22.yyz02.atlas.cogentco.com (66.28.4.198) 
12 99.69 ms 74.116.120.156 
13 87.95 ms 104.167.111.187 

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ . 

Nmap done: 1 IP address (1 host up) scanned in 6.16 seconds 
Raw packets sent: 98 (8.476KB) | Rcvd: 24 (1.530KB) 


Job finished [2015-02-24 01:53:03]

JaredBusch

Here is the UDP

Starting job... [2015-02-24 01:55:39]             Stay on this page for results!

Starting Nmap 6.00 ( http://nmap.org ) at 2015-02-24 03:55 EET 
Initiating UDP Scan at 03:55 
Scanning 104.167.111.187 [9 ports] 
Discovered open port 123/udp on 104.167.111.187 
Completed UDP Scan at 03:55, 0.23s elapsed (9 total ports) 

Nmap scan report for 104.167.111.187 
Host is up (0.090s latency). 

PORT STATE SERVICE 
53/udp open|filtered domain 
69/udp closed tftp 
111/udp open|filtered rpcbind 
123/udp open ntp 
161/udp open|filtered snmp 
500/udp open|filtered isakmp 
514/udp open|filtered syslog 
4500/udp open|filtered nat-t-ike 
5060/udp open|filtered sip 


Nmap done: 1 IP address (1 host up) scanned in 0.58 seconds 
Raw packets sent: 9 (604B) | Rcvd: 2 (132B) 


Job finished [2015-02-24 01:55:40]