A script code inject and cross site web vulnerability has been discovered in the Flash Operator Panel v2.31.03. The issue allows an attacker to inject own malicious script code to the application-side of the vulnerable module. This is a short introduction to the FOP2 user interface (showing the basic elements and interactions you can perform with the presentat. Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
- Flash Operator Panel 2 Keygen Generator
- Flash Operator Panel 2 Keygen Download
- Flash Operator Panel 2 Keygen Code
This article details the installation and configuration of Flash Operator Panel 2 for Elastix version 2.3.0 release 8 (running on CentOS5 v2.6.18 release 308.24.1.el5). Flash Operator Panel 2 is an add-on to the Elastix system that can be used to easily see a bird's eye view of all extensions configured within the phone system, see call activity, and transfer / manipulate calls coming to the user's extension who is logged into FOP2.
The installer for FOP2 v2.26 built for CentOS (64-bit version) was downloaded from www.fop2.com.
13 Steps total
Step 1: Transfer the Installer to the Elastix Server - Part 1
Open WinSCP (just an executable that can be downloaded for free).
Without changing any settings, enter the server ip and the username and password to connect to the server. I recommend using the user root and corresponding password to ensure you have the proper permissions to connect.
Once you click Login, you may get a message about a private key file, but click Ok to continue if this happens.
Step 2: Transfer the Installer to the Elastix Server - Part 2
In the left-hand window, you will see files on your computer. Navigate to the directory where the downloaded installer is stored.
In the right-hand window, navigate to the root directory of the Elastix server (/). Create a folder with the name of your choice. In this example, I created one called fop inside the root directory (full path to it is /fop).
Drag the installer from your computer to the target folder on the Elastix server. When the popup window opens, click Copy. That should move the installer to the target directory on the Elastix server.
You can now close WinSCP. It will no longer be needed.
Step 3: Connect to the Elastix Server Using SSH
Use a utility such as Putty to connect to the Elastix server via SSH. You just have to point Putty at the server's ip address and will be prompted to login once you click Open. When the terminal window opens, enter the proper credentials (user root is the only one that will have access), and that should get you in with no issues.
Step 4: Extract FOP2 Using Tarball and Install
After successfully logging into the SSH session, change to the directory where the installer was saved (cd /fop in this case).
Then run the extraction with the command tar zxvf fop2-2.26-centos5-x86_64.tgz (where the .tgz file is the installer downloaded previously).
After all files are extracted successfully, run cd /fop/fop2 to dive into the directory containing the extracted files. Then, run the command make install to install everything into the proper directories as are referenced below.
Step 5: Change the Manager Secret for FOP2 to Match the Asterisk Manager Secret
Run the command cat /etc/asterisk/manager.conf. This will show the contents of manager.conf on the screen. In the area under [admin], make note of the value of a field named secret. This is the Asterisk manager password (the one used to access the Elastix web interface with username admin).
Run vi /usr/local/fop2/fop2.cfg. This opens a Unix text editor. Press the i key on your keyboard to put the editor in insert mode. Find the area at the top of the file under [general]. Change the manager_secret to the same value as you found in the manager.conf file above. Once you have done this, press Esc on the keyboard to exit insert mode. Then type :wq! to exit the vi editor and save the changes.
For good measure, run the command amportal restart once you finish making the changes here.
Step 6: Change Asterisk SIP Settings for FOP
Log in to Elastix and go to PBX -> Unembedded FreePBX.
If you get a message about not having access to FreePBX, go to the Security menu in Elastix and allow access to the Unembedded FreePBX module. You will also have to set the password for user admin if it has not already been set.
Login to FreePBX with the appropriate credentials. From the Tools menu, select Asterisk SIP Settings. In the area labeled Advanced General Settings, find the field for Other SIP Settings. Add callevents = yes, and click submit changes. You will then see a red bar at the top of your browser window that will say Apply Changes. Click this option so the changes will apply to the system.
Step 7: Modify Call Queues
If any call queues have been setup within Elastix, they need to be modified so that FOP2 can detect call events sent to queues.
In the Elastix interface, go to the PBX tab and then click Queues. Any call queues you have setup will be listed on the right-hand side of the screen. For each queue, change the Event When Called field to Yes if it is set to No and save your changes. That is the only field which is important for FOP2.
Step 8: Test the Manager Connection to FOP2
From your SSH session, run /usr/local/fop2/fop2_server --test. You should get a message that says Connection to manager OK!
You may get a message about no license being detected. That can be ignored for the time being even though the screenshot here shows a license being installed already.
Step 9: Avoid Conflicts with FOP1
There is a Flash Operator Panel built into Elastix, and we have to change the port on which it listens (default is 4445) before FOP2 will work properly.
Within your SSH session, run vi /var/www/html/panel/op_server.cfg. Remember to press i to be able to edit the file. Find the line that says ;listen_port=4445 and change it to listen_port=4444. Make sure you uncomment this line by deleting the semicolon (as seen in the screenshot). Press Esc to exit insert mode, and then type :wq! to save changes and exit the file. You can also run /usr/sbin/amportal stop_fop to disable FOP1 completely at this point.
Step 10: Copy the Proper Files
Within the SSH session, navigate back to the FOP2 install directory (which is /fop/fop2 in this example) by running cd /fop/fop2.
Then run the following commands:
mv server /usr/local/fop2
mv html /var/www/html/fop2
This will move all of the proper files for FOP2 to the proper area to be accessed via a web browser.
Step 11: Start the Service
From your SSH session, run service fop2 start, and the service should start with no issues.
Step 12: Register the License
Flash Operator Panel 2 Keygen Generator
The steps we have completed thus far will only install the demo version of FOP2 (view limited to 15 extensions), so you can run /usr/local/fop2/fop2_server --register from a SSH session, enter the registration code sent when you purchased FOP2, and then enter the name you want to use for registration. If you then run the command service fop2 restart, that should restart FOP2 so that you are now using the registered version. You can also run /usr/local/fop2/fop2_server --test to see if FOP2 detects that you have registered a license.
Step 13: Verify that You Can Login to the Web Interface
Once everything has been installed, you can visit http://ipofyourelastixserver/fop2. In our example, it is http://192.168.0.30/fop2. Since we are using Elastix, any extension setup should be able to login using their extension number, and the password will be the same as the extension number's voicemail password.
Just for reference, once this is complete, the FOP2 server is installed in /usr/local/fop2, and the web application is installed in /var/www/html/fop2.
Also, the list of extensions and passwords to access FOP2 can be shown via a SSH session by running /usr/local/fop2/autoconfig-users-freepbx.sh.
References
Flash Operator Panel 2 Keygen Download
- Configuring the Server for FOP2
- Installing FOP2
- Logging into FOP2
- Starting the FOP2 Service