What have you tried so far? How far have you gotten? What is your approach to this? How much do you know/understand about VoIP?
VoIP as a service is no different than email. Most "VoIP" in the sense of SIP registrations and or trunking is no different. There is going to be a username, password and registrar.SIP Account
With this said there are two attack vectors to think about. The registrar and the end user. Attacking an end user yields you the ability to see/hear voicemail, place calls, etc. usually, these will have limited access/resources to do much via configurations
Attacking the registrar is no different than attacking any system. You're after administrative/root privileges. What services are running on the machine, are they vulnerable, if so, how. What can you gather/own/etc. That's all I'm willing to share right now. You have a baseline/framework to think about/work with. Guess I could supply more (http://secunia.com/advisories/22480
) but as stated, this should give you enough to work with