CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/documentation/modules/auxiliary/dos/http/ws_dos.md
Views: 1904
Vulnerable Application
ws < 1.1.5 || (2.0.0 , 3.3.1) https://nodesecurity.io/advisories/550
Vulnerable Analysis
This module exploits a Denial of Service vulnerability in npm module "ws". By sending a specially crafted value of the Sec-WebSocket-Extensions header on the initial WebSocket upgrade request, the ws component will crash.
Verification Steps
Start the vulnerable server using the sample server code below
node server.js
Start
msfconsole
use auxiliary/dos/http/ws_dos
set RHOST <IP>
run
The server should crash
Options
None.