Many of the organizations look for physical conference space for some face to face meetings inspite of using a video-based alternative like Hangouts.
A Fun Fact: 40% of employees waste 30 minutes each day to find a meeting room.
Today we will show you how you can hack into a Cisco Webex meeting and also sprinkle a few tricks on the way. This method will consist of a malicious file being sent to the organizer.
With this help of this, users can now:
- Hold collaborative meetings through mobile devices, windows desktops or Mac with much ease.
- 1 What is Cisco Webex and how it all started
- 2 Cisco Webex Features
- 3 Cisco Webex on Android and iOS
- 4 How to Hack Cisco Webex Meetings for Fun with Tricks and Exploits
- 5 Final Words – Have you ever hacked your Webex meeting?
What is Cisco Webex and how it all started
It was founded by Subrah Iyar and Min Zhu in 1995. Dave Berman, who was a former president of Zoom, served as the president of worldwide sales and services here and helped it go public.
Eric Yuan, the founder of Zoom, was an engineer here before going on launching his multibillion-dollar company. It was without any doubt that the company would be both successful and influential as so many stars were working in this.
After 12 years, it was acquired by Cisco for around $3.2billion despite having only $380 million in sales.
Cisco Webex Features
This is a cloud-based suite of productivity tools that keeps all the teams connected like:
- WebEx Teams.
- WebEx Meetings.
- WebEx Devices.
The suite is used to merge web conferencing platforms and spark team collaboration tool.
The suite allows for unified communications for any business from SMBs to enterprise-wide needs, along with that help in video meetings, file sharing and team messaging.
Meetings inside the company can be supported. Moreover, it also supports the deployment of other Hybrid Services.
It comes with a variety of stuff for its users, follow through to have a clear idea of how this can change your life.
You can now host webinars up to 3000 attendees with this. It supports the following essential features:
- Text chart.
Like this, you can make most out of all sessions. Tools include:
- Content sharing.
- Ability to share screens so that everyone stays on the same page.
Video Conferencing with people
Meetings are the core offering of the company and have been the top pick for many years. Comes with the following features:
- HD video.
- Screen sharing.
- I am meeting recording.
- Easy to participate or even host conferences.
Providing Remote Support
This is the most robust remote assistance solutions available in the market. It helps to:
- Lower operate costs.
- Resolves problems faster.
- Provide real-time services to everyone around the globe.
WebEx allows users to provide support to any customer out there who has an internet connection regardless of the time zone through chat or their video conferencing service.
You can now educate yourselves even from across the globe. If you are a presenter then with this you can:
- Share presentations.
- Instruct through the digital whiteboard.
- Record sessions to build a library of resources.
The best part:
- Carries an eCommerce function with which you can charge for training.
Calling in the Cloud
It carries all the features that you expect from an effective cloud-based solution. The software supports the following modes:
- Transferring a call
- Do not disturb.
Users with this can also make use of virtual receptionist who shall greet the callers.
Now, this may not be as popular as other collaboration apps like Trello or Basecamp but is still a great choice. With this:
- Schedule meetings.
- Hold meetings online through chat.
- Use whiteboard.
- Share files.
Its carries an excellent user interface which allows you to join meetings in just a single click.
Cisco Webex on Android and iOS
The best part about this is that it is easy to use while on the go all thanks to mobile applications that can be found both of the Google Play Store and App Store. IOS version has around 50 thousand ratings and supports Siri.
The android version has more popularity with a rating which averages out of 4.4 stars versus 4.3 on iOS. It ensures that you would be never late for a meeting regardless of what your mobile device uses OS.
Cool features their Webex Mod APK is:
- Ability to use them with smartwatches like Apple watch.
- Ability to change meeting timings and appear when you’re not online.
How to Hack Cisco Webex Meetings for Fun with Tricks and Exploits
It comes with a flaw that you can access the complete scheme of the company. Karl Fosaaen published research on federated services and skype for companies. An attacker vector located address books of other companies and sent messages from skype for business, including all the features like seeing when someone is online; similar has been discovered in WebEx.
It allows users to use domain “companyname.webex.com” to host public meeting rooms.
The best feature is enabling private meeting rooms. Every employee receives a personal meetings room so meetings can be organized through this. Employees can share links with the ones they communicate.
Commonly used link is “companyname.webex.com/meet/userid”. User ID is the user name or mail address of a domain. As you are known about the name of the scheme of personal rooms of the company you can enter into the personal office of anyone as user wants from any place around the globe.
As you go to the link in the personal meeting room, the following page is displayed:
As details are entered that user desires, you are directly redirected to a secret room. If the person is not in the place currently, then the following is presented:
As you click on notify, email is sent to the owner of the room. The mail is generated and sent from messenger[@]webex.com. This is just an example and can be anything from within the company.
This will allow you to:
- Enumerate valid user names directly.
- Access to any user within the company.
How to know if a meeting is affected?
- You need to verify the link URL of the private room by entering the WebEx configuration.
- Access that link from a system outside your network; it is vulnerable if you can enter the room.
What can you do to avoid this?
- Change URL of the private room, depending on settings.
- Ask the IT department to change room ID.
A quick subdomain enumeration on WebEx.com has discovered many domains for organizations that use it in this way. A similar flaw is available in Skype, where it allows you to find the IP address of the person who is on the call.
Hacking Webex using a Malicious Payload File
It has issued a critical patch to a fix serious vulnerability CVE-2018-0112 in WebEx software that can be exploited by remote attackers to execute arbitrary code on target machine through weaponized flash files.
Both client and server version of WebEx business Suite or standard is affected by the vulnerability. It is recommended to update your software to fix the problem.
“A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted system.”
Source: Cisco Security Advisory publishment.
This flaw received a CVSS score of 9.0 and got rated as “critical” severity issue.
ENISA reported this vulnerability and is due to insufficient input validation clients.
Zacharis discovered that an attacker could submit the malicious flash file (.swf) towards a room full of attendees using a feature called sharing file and then trigger flaws to execute arbitrary code.
Software updates have been released by them to fix the flaw, it confirmed that it is not at all aware of attacks exploiting the vulnerability.
Cisco said that there is no workaround to address the problem currently.
The WebEx Suite software must be updated to T32.10, and T31.23.1 versions, software of needs to be updated to T32.10 and meeting server to be updated to 2.8 MR2.
Users need to access the website and go to support > download to determine either it meeting app is running the flawed version of client build.
Disclaimer: This guide is only for educational and informational purposes. We are not responsible for any damages caused by you following the techniques shared on this page.
Final Words – Have you ever hacked your Webex meeting?
Admit it; we have all been naughty in college or university life. This guide teaches you how to hack Cisco Webex meetings using various tricks and a malicious file. We also provide you with a Webex Mod APK file which modifies the original file with newer capabilities.