I need some urgent help & advice for my Pentest... here is the situation:
In my security testing lab environment, I have a SIP Gateway Server (let me just name it SRVA) and a SIP Client (CLTA) in the same switched LAN (same subnet). SRVA's IP address is 192.168.1.100 and CLTA's IP address is 192.168.1.200. All IP addresses are statically configured, no DHCP is involved.
SRVA and CLTA are communicating using the SIP protocol and they are using Digest Authentication between the two hosts. On top of the Digest Authentication, the server is also using the IP address as another security measure to authenticate the client side -- which means the server is configured to only allow SIP connection requests originating from CLTA's IP address (192.168.1.200), even after the Digest Authentication is successfully made -- no other source IP address is allowed by the server.
My task is to find a way to compromise the LAN security and successfully make VoIP calls from another computer (not CLTA). So I am almost there... as I have already cracked the SIP username and Digest Authentication Password using the Man-in-the-Middle attack. So now I have the SIP Username and the working SIP Password, as well as a free VoIP Softphone installed on my computer (IP Address 192.168.1.210). I am very close to my final objective!
However, now I am facing a challenge on how to physically take over the IP address of CLTA (192.168.1.200)... as the SIP Server (SRVA) will deny my SIP connection from any IP address other than 192.168.1.200, even with the correct username/password. I tried to configure my IP address manually to 192.168.1.200, but as expected, after I do so, I receive an "IP Address Conflict" error and am not able to use the network -- I am sure the CLTA side will also have that error pop up.
-- How shall I go about successfully taking over 192.168.1.200 on the LAN, while I am not allowed to shut down CLTA or disconnect it from the network?
Need some ideas... thank you!