Blog

Can you run VICIdial on an iPhone?

That’s an interesting question. Given the current state we’re in with global pandemics threatening shutdowns for some and work-from-home for others, many of us are looking for mobile work-from-anywhere solutions. At Cyburity LLC we are always pushing the envelope to see what we can do next and how much farther we can push contact center technology. Check out this video to see how our cloud based dialers come stock with the technology to work not only from anywhere, but with any device.

Metasploit — A Walkthrough Of The Powerful Exploitation Framework

Ethical Hacker

Metasploit can handle everything from scanning to exploitation. In this article, we will take a look at what makes Metasploit the most versatile penetration testing toolkit.

Image for post

Intro to Penetration Testing

If you are new to penetration testing, let me explain what it is before I introduce you to an exploitation tool.

Penetration testing is hacking with permission. You might have seen cool hackers on TV attacking computer systems without getting caught. But that’s not how it works in the real world.

If you hack someone without permission, there is a high chance that you will end up in jail. So if you are planning to learn hacking with evil intentions, I am not responsible for any damage you cause. All my articles are purely educational.

So, if hacking is bad, why learn it in the first place? Every device on the internet is vulnerable by default unless someone secures it.

Its the job of the penetration tester to think like a hacker and attack his or her organization’s systems. The penetration tester then informs the organization about the vulnerabilities and advises on patching them.

Penetration testing is one of the highest-paid jobs in the industry. There is always a shortage of pen-testers since the number of devices on the internet is growing exponentially.

Right. Enough pep talk. Let’s look at one of the coolest pen-testing tools in the market — Metasploit.

Metasploit — The Complete Framework

Metasploit is a penetration testing framework that helps you to find and exploit vulnerabilities in systems. It gives you everything you need from scanners to third-party integrations that you will need throughout an entire penetration testing lifecycle.

This includes reconnaissance, scanning, exploitation, privilege escalation, and maintaining access.

Image for post
Penetration testing lifecycle

Metasploit is an open-source framework written in Ruby. Metasploit is written to be an extensible framework so that if you want to build custom features using Ruby, you can easily do that via plugins.

Rapid7, the company behind Metasploit offers a premium version of Metasploit with advanced features.

Metasploit is also frequently updated with new exploits published in the Common Vulnerabilities and Exposures (CVE). So if a new vulnerability is found and published, you can start scanning your systems right away.

Metasploit comes with anti-forensic and evasion tools built into it. Metasploit is also pre-installed in the Kali operating system.

Components

Now that you know what Metasploit is, let’s look at the core concepts of Metasploit.

Metasploit offers you a few key components to find and exploit vulnerabilities on a network. This includes exploits, payloads, auxiliaries, and so on. Let’s look at each one of them in detail.

Exploits

An exploit is a piece of code that takes advantage of a vulnerability in a system. These exploits perform specific actions based on how bad the vulnerability is.

Exploits can take advantage of software vulnerabilities, hardware vulnerabilities, zero-day vulnerabilities, and so on. Some of the common exploits include buffer overflows, SQL injections, and so on.

Image for post
Metasploit exploits list

Metasploit offers a number of exploits that you can use based on the existing vulnerabilities in the target system. Metasploit exploits can be classified into two types:

  • Active Exploits — Active exploits will run on a target system, exploit the system, gives you access or performs a specific task, and then exits.
  • Passive Exploits — Passive exploits will wait until the target system connects to the exploit. This approach is often used by hackers on the internet asking you to download files or software. Once you do, you connect yourself to a passive exploit running on the hacker’s computer.

Payloads

A payload is a piece of code that runs through the exploit. You use exploits to get into a system and payloads to perform specific actions.

For example, you can use a keylogger as a payload along with an exploit. Once the exploit is successful, it will install the keylogger in the target’s system.

Metasploit offers a good collection of payloads like reverse shells, bind shells, Meterpreter, and so on.

Image for post
Payloads

There are a few payloads that will work with the majority of exploits, but it takes some research to find the right payload that will work with the exploit. Once you choose an exploit, you can list the payloads that will work with that exploit using the ‘show payloads’ command in Metasploit.

There are a few types of payloads in Metasploit. The ones you will end up using the most are these three types:

  • Singles — Payloads that work on their own. eg. keyloggers.
  • Stagers — Payloads that work with others eg. two payloads: one to establish a connection with the target, the other to execute an instruction.
  • Meterpreter — Advanced payload that lives on the target’s memory, hard to trace, and can load/unload plugins at will. We have a section on Meterpreter where I will explain it in detail.

Auxiliaries

Auxiliaries are modules that help you perform custom functions other than exploiting a system. This includes port scanners, fuzzers, sniffers, etc.

For example, you can use the CERT auxiliary to check for expired SSL certificates on a network. This is useful for system administrations to automate certificate management.

Image for post
Metasploit Auxiliaries

If you are familiar with Ruby, you can write your own auxiliaries. If you want to scan a network for specific vulnerabilities every week, you can write your own custom auxiliary module to do that. You can then use it to scan your network instead of using an existing scanner like Nmap.

Tools

Now that you know how Metasploit functions, let’s look at the tools that Metasploit offers.

msfconsole

MsfConsole is the default interface for Metasploit. It gives you all the commands you need to interact with the Metasploit framework.

It takes a bit of a learning curve to familiarize yourself with the CLI, but once you do, it is easy to work with. Also, MsfConsole is the only way you can access all the features of Metasploit.

Image for post
msfconsole

MsfConsole also offers tab-completion for common commands. Making yourself familiar with the MsfConsole is an important step in your journey to becoming a Metasploit professional.

msfdb

If you are working with large networks on a regular basis, chances are, you will need a place to store your data. This includes scan results, login credentials, and so on.

Metasploit offers a database management tool called msfdb. msfdb works on top of a PostgreSQL database and gives you a list of useful commands to import and export your results.

Image for post
msfdb Commands

With msfdb, you can import scan results from external tools like Nmap or Nessus. Metasploit also offers a native db_nmap command that lets you scan and import results using Nmap within the msfconsole.

MsfVenom

Finally, we have msfvenom (cool name, huh?). msfvenom enables you to generate custom payloads depending on your target.

Using an antivirus or a firewall can make a target system relatively secure. In those cases, existing Metasploit payloads might not work since they are generic for all systems falling under an operating system or a service.

Image for post
msfvenom

msfvenom was built by combining two older tools that Metsploit had: msfpayload and msfencode. msfvenom lets you create and encode custom payloads for your exploits.

Based on the additional information you have on the target, you can craft your own payloads to achieve a higher success rate during your penetration test.

Meterpreter

Metasploit is an advanced payload in Metasploit. Unlike other payloads that perform a specific function, Meterpreter is dynamic and can be scripted on the fly.

Image for post
Meterpreter Functions

If you can exploit a system and inject Meterpreter as the payload, here are some of the things you can do:

  • Establish an encrypted communication between your system and the target.
  • Dump password hashes from the target system.
  • Search for files on the target’s filesystem
  • Upload / Download files
  • Take webcam snapshots

Meterpreter is also incredibly stealthy. Since Meterpreter lives in the memory of the target, it is extremely hard to detect. It is also hard to trace Meterpreter using forensic tools.

Image for post
Meterpreter Python Module

You can write Meterpreter scripts on the fly using Ruby to carry out custom functions. Meterpreter also has a Python module that gives you additional commands to execute python scripts on the target machine.

Armitage

Armitage is a graphical user interface for Metasploit, written in Java. Armitage is considered to be a great addon for pen-testers familiar with the command-line interface.

Image for post
Armitage GUI

The core feature of Armitage is to visualize targets and recommend exploits. Armitage is also scriptable, which means you can automate redundant tasks like host discovery.

Armitage is extremely useful when you are working with a large number of systems in a network. You can use Armitage’s GUI to escalate privileges, browse files, dump password hashes, and so on.

Summary

Metasploit provides a suite of tools for you to perform a complete security audit of a network. Metasploit is frequently updated with the vulnerabilities published in the Common Vulnerabilities and Exploits database.

You can also use other tools like Nmap and Nessus with Metasploit through integrations or by importing their scan reports into Metasploit. Metasploit also has a GUI tool called Armitage that lets you visualize targets and recommend exploits.

If you are interested in learning more about Metasploit, check out the detailed reference guide published by Offensive Security.

What is a Call Center Dialer?

A call center dialer is an application that’s designed to aid in the making of outbound calls. Call center dialers are usage-agnostic; they can be utilized for marketing, sales, customer support, or for notifying customers. Dialers have been used for decades to streamline agent outreach. It began with manual dialers, which provided agents with keypads to dial up each number in a dialing list. Today, manual dialing is still used to make outbound calls, especially when the contact center has low call volumes or when maintaining compliance.

Auto dialers and click-to-call dialers are two of the most popular technologies used in modern call centers. These dialing systems virtually automate the dialing process and increase the number of calls made during a shift. Click-to-call dialers work directly from your CRM and allow you to reach out to leads in a very intuitive manner. Larger companies with specialized needs implement open-source call center software to ensure they have all the features they need and none of the excess they don’t.

How Call Center Dialers Impact Profits

power dialer

Sales is a numbers game. In most situations, you’re going to cast your net wide and hopefully bring in the leads you need. While a lot of businesses would prefer to automate their call center, anyone who uses a fully automated dialer knows that customers prefer speaking to an agent in real-time.

Here are a few things to consider:

  • Dialing agents are needed in order to build rapport during customer interactions.
  • A system that can automate the dialing process can greatly broaden the reach of a business.
  • Computer-based IVR systems can be used to filter out voicemails, busy signals, fax machines, and disconnected numbers.

So, which do you need? Looking at the pros and cons of each of these systems will require an understanding of your reach, the types of customers you encounter, and the size of your contact center, enterprise, or small business. A power dialer is going to shine in situations where you need a more personal touch, and the other dialers are great for pushing volume. Follow our guide to learn which works best for your contact center.

What is a Power Dialer?

Call Recording Main

A power dialer is a straightforward automatic dialing technology that automatically connects prospects with agents only when there’s a live connection. These auto-dialers keep agents from having to manually dial each number by automatically dialing sequentially.

Once a call has ended, a new lead is dialed so that a call is initiated only when an agent is ready to speak to a prospective or existing customer.

Power dialers can come up with phone numbers from a variety of sources. For example, if a business posts their number on Google or through local directory-based services like Yelp or Foursquare, then this info can be used in your center. Certain power dialer software solutions can sweep the web and add this information to the caller ID contacts to the software so that agents can reach out.

Dialers offer CRM integration like Salesforce or CiviCRM to store lead information for future agents to leverage to drive sales. This allows you to see inside sales information and implement lead management seamlessly while making sales calls.

One of the chief advantages of this system is the human factor. Power dialers require agents to update and compile information so that results are garnered. This is a trade-off due to the fact that calls are made on a case-by-case basis. Agents will have to work through various call outcomes other than direct contacts.

These systems work in tandem with the dialer to move to the next call when the agent is ready. Power dialers act like a more like a tool than a “big brother” style of contact center solution for dialing.

Pros of Power Dialers

  • With a power dialer, all the numbers are generated by the dialer, but this also allows an agent to leave voicemail messages and set callbacks with relative ease.
  • With one of these, the data is pulled from a variety of sources. In fact, some contact center software solutions will even pull business numbers from Google searches.
  • These are great for sales teams where an agent may need to gather notes or come up with strategies prior to each call because the call center dialer doesn’t control the dial rate.
  • There’s little or no chance of voicemail problems cropping up because the agent understands the difference between a recording and a live respondent, which is a weakness in progressive systems.
  • These are sometimes called “rapid dialers” for a reason; despite the human component, dialing is still automated, so your team can still make hundreds of dial-outs a day.
  • With the more deliberate style of a power dialer, your agents can compile better information after the call so that future agents can have more context for each lead.

Cons of Power Dialers

  • These are agent-controlled, and sometimes, this can negatively impact sheer call volume.
  • For results, some call centers may have to implement regulations to minimize downtime between calls since a power dialer doesn’t route calls to agents.
  • To be able to effectively wade through the various adverse call outcomes, you may need a more extensive contact center staff.

Power Dialers are Perfect For:

If you have a large team, then this is a great option because your agents can easily have personalized customer engagements. With a system like this, there will be minimal pause between a pick-up and the start of the conversation with an agent.

What is a Predictive Dialer?

predictive dialers

A predictive dialer is a dialing tool for making outbound calls from a list of telephone numbers while screening. With a predictive dialer, the system makes simultaneous calls based on the availability of agents, screening out busy signals, disconnected numbers, and voicemail. If contact is made, the predictive dialer sends the call to an available agent.

The software of the predictive dialer also thoroughly screens out voicemails or fax machines by actively listening to the line. If the dialer detects a pause, then it may automatically deem the call to be a voicemail, and when it does, it may then leave an automated message for the customer.

If you’ve ever received a call and noticed a delay before being connected to an agent, then you’ve most likely have been connected via a predictive dialer. Unfortunately, the delay can be extended if there’s no available agent, which can result in customer hang-ups.

A predictive dialer can work through a number of calls that would have been unprecedented before the advent of the technology.

Pros of Predictive Dialers

  • Multiple numbers are called simultaneously using machine learning.
  • There’s less attrition when it comes to no answer results versus connecting with a potential lead.
  • With a wide variety of calls being made simultaneously based on learned availability, agents spend far less time idle.
  • A call center manager may need far fewer agents than would be required with a progressive- or power-based dialing system since the computer is doing all of the screening simultaneously.

Cons of Predictive Dialers

  • With a predictive dialer, an agent won’t always be available due to the nature of the dialer’s predictive call assignment.
  • Customers can quickly become frustrated and hang up before being connected to a representative.
  • When a customer is presented with a recording that’s designed to segue to a rep, the whole process feels more automated and less personal.
  • Due to call answering patterns being predicted via machine learning, the law of averages can result in some glitches, and agents can still be improperly assigned.
  • These don’t have the capability of leaving voicemail or answering machine messages, so the system will most likely make several passes at the same number.

Predictive Dialers are Perfect For:

Call center dialers push volume and get agents on the line with actual customers. There’s very little downtime for agents, which can be great for earning leads. Cold calling businesses that want to reach out to a larger population may find this to be the best way to go about generating leads.

What is a Progressive Dialer?

progressive dialers

A progressive dialer is a tool for call centers using a subscription dialer to connect only when calls are answered by a live person. The dialer runs relative to the number of agents you have connected. It paces its calling based on abandonment rates and rate of connection.

Like a predictive dialer, progressive dialers are used in several verticals. Research, telemarketing, and collections are more efficient with this computerized system. A progressive dialer doesn’t dial out to multiple numbers at a time like predictive systems, so there’s no potential pause or drawn-out wait time for customers that are contacted via such a system.

Like predictive dialers, progressive dialers only send inbound calls through when there is a contact, but unlike predictive dialers, there will always be an agent on the other end to speak with the lead. Effectively, call routing makes the experience feel more personal and natural than would be possible with a predictive style of dialing. Faster routing helps callers to breeze through an interactive voice response system in a cloud call center.

Pros of Progressive Dialers

  • These are a good in-between for those that don’t want the potential hang-up rates of predictive dialers and want the more personal touch of power dialers.
  • Effectively, the abandonment rate is mitigated by there always being an agent available when contact is made.
  • Similarly to a power dialer, with a progressive dialer, an agent may be able to have time to gather relevant information about respondents before making an outbound call.
  • This is a great system to use for a business-to-business outbound call center due to the fact that these types of calls have a higher success ratio since there are fewer hang-ups.
  • While outbound calling, a progressive dialer will display past information about the previous calls with the respondent.

Cons of Predictive Dialers

  • The Higher dialing rates of predictive systems may yield more results, especially when continually dialing across larger pools of potential respondents.
  • An agent may have to work through up to four phone calls in a call distribution system in order to get to a single live respondent.
  • When is the agent officially considered available? While there’s definitely time for an agent to gather information, the process can definitely lose efficiency due to call center distractions.
  • As a result of things like pauses in a respondent’s answer, a progressive dialer may cause an agent to leave a pre-recorded voicemail when a live person has answered the line.

Predictive Dialers are Perfect For:

Progressive systems provide calls to agents after the “wrap up” phase of the call is completed and the agent has time to compile notes. This is perfect for those businesses where calls have a reasonably standard structure as it helps streamline the process significantly. Some systems even include call recording features to add to the effectiveness of these call center solutions.

Call Center Dialers Make Businesses More Efficient

Every system has advantages for different organizations, helping to maximize outreach. Combined with other technology that reduces hold times or helps agents provide valuable customer experiences, any of these dialers can provide value. Whether you’re an inbound center, outbound sales center, or an omnichannel cloud contact center, these dialing modes add to your marketing automation suite. Give ours a try at CyburDial with the user name of 0000 and the password of demo.

McCraw, C. (2020, May 20). Power Dialers, Predictive Dialers, and Progressive Dialers: The Best Call Center Dialer [Guide]. Retrieved August 31, 2020, from https://getvoip.com/blog/2019/11/22/call-center-dialers/

Client Portals

Client Portal

We have added a client portal login page for clients to be able to control all aspects of their accounts through one easy to use interface. This account pictured below, gives the client the abilities to login to their predictive dialer admin interface, agents can also login to the dialer as well as to the timeclock, access the dynamic portal which allows authorized users to get their IP whitelisted to grant access to the predictive dialer. Then the following tools are to make things easier for people who don’t know how to use linux or MySQL. The Webmin interface to be able to control their dedicated linux server through an easy to use web interface, access to their MySQL data through phpMyAdmin which is also a web interface, and finally access to their wordpress hosted website which comes free with any cloud based predictive dialer service. To top things off, we include both an agent and a managers manual for Vicidial incase you don’t know how to use certain functions, all is explained within these documents and of course, we are available 24/7 at just a phone call, message or trouble ticket away.

Get a free 7″ HD Android Tablet with first order

vicidial scratch install centos

All new customers will receive a free 7″ HD Android tablet with your dialer service. Fill out the form below in order to get started

Get a quote for services


[wpforms id=”494″ title=”false” description=”false”]

How will this save you money?

  1. Host your company website > No more hosting costs
  2. Host your dialer in house: No more dialer hosting costs
  3. PBX System: Eliminate the need for phone service from AT&T or whoever(Keep your current numbers)
  4. Production: Keep track of production with time clock features, CRM integration, tracking sales and cost/profits of individual agents(Is the juice worth the squeeze?)
  5. Dialer Cost: Can be charged per minute(as low as 0.10 per min) or Flat rates based per channels for unlimited
  6. Free tech support for 30 days with initial setup!

Live Demo Available now with Manager and Agent Logins.


Have customers talk to your agents directly through your business website.

Some of the new features of Vicidial:

  • Integrated chat feature between managers and agents
  • Incoming customer chats directed from your website straight to live agents
  • SSL Secure Certificate Capable for security
  • Soundboards agent can play pre-recorded messages thru the dialer
  • More reports than you know what to do with to keep track of every aspect of the business & SO MUCH MORE!
Integrated Viciphone – No softphone’s needed

Schedule a discovery session

Ethical Hacker