Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Auxiliary::Report
8
  include Msf::Exploit::Capture
9
  include Msf::Auxiliary::UDPScanner
10

11
  def initialize
12
    super(
13
      'Name'        => 'Memcached UDP Version Scanner',
14
      'Description' => %q(
15
          This module can be used to discover Memcached servers which expose the
16
          unrestricted UDP port 11211. A basic "version" request is executed to obtain
17
          the version of memcached.
18
      ),
19
      'Author'      =>
20
        [
21
          'Jon Hart <[email protected]>' # Metasploit scanner module
22
        ],
23
      'License'     => MSF_LICENSE,
24
      'DisclosureDate' => 'Jul 23 2003',
25
      'References' =>
26
          [
27
            ['URL', 'https://github.com/memcached/memcached/blob/master/doc/protocol.txt']
28
          ]
29
    )
30

31
    register_options(
32
      [
33
        Opt::RPORT(11211)
34
      ]
35
    )
36
  end
37

38
  def build_probe
39
    # Memcached version probe, per https://github.com/memcached/memcached/blob/master/doc/protocol.txt
40
    @memcached_probe ||= [
41
      rand(2**16), # random request ID
42
      0, # sequence number
43
      1, # number of datagrams in this sequence
44
      0, # reserved; must be 0
45
      "version\r\n"
46
    ].pack("nnnna*")
47
  end
48

49
  def scanner_process(data, shost, sport)
50
    # Check the response data for a "VERSION" response
51
    if /VERSION (?<version>[\d\.]+)\r\n/ =~ data
52
      print_good("#{shost}:#{sport}/udp memcached version #{version}")
53
      report_service(
54
        host: shost,
55
        proto: 'udp',
56
        port: rport,
57
        info: version,
58
        name: 'memcached'
59
      )
60
    end
61
  end
62
end
63

64