1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Auxiliary::Report
8
  include Msf::Exploit::Capture
9
  include Msf::Auxiliary::UDPScanner
10

11
  def initialize
12
    super(
13
      'Name' => 'Memcached UDP Version Scanner',
14
      'Description' => %q(
15
          This module can be used to discover Memcached servers which expose the
16
          unrestricted UDP port 11211. A basic "version" request is executed to obtain
17
          the version of memcached.
18
      ),
19
      'Author' => [
20
        'Jon Hart <[email protected]>' # Metasploit scanner module
21
      ],
22
      'License' => MSF_LICENSE,
23
      'DisclosureDate' => 'Jul 23 2003',
24
      'References' => [
25
        ['URL', 'https://github.com/memcached/memcached/blob/master/doc/protocol.txt']
26
      ]
27
    )
28

29
    register_options(
30
      [
31
        Opt::RPORT(11211)
32
      ]
33
    )
34
  end
35

36
  def build_probe
37
    # Memcached version probe, per https://github.com/memcached/memcached/blob/master/doc/protocol.txt
38
    @memcached_probe ||= [
39
      rand(2**16), # random request ID
40
      0, # sequence number
41
      1, # number of datagrams in this sequence
42
      0, # reserved; must be 0
43
      "version\r\n"
44
    ].pack("nnnna*")
45
  end
46

47
  def scanner_process(data, shost, sport)
48
    # Check the response data for a "VERSION" response
49
    if /VERSION (?<version>[\d\.]+)\r\n/ =~ data
50
      print_good("#{shost}:#{sport}/udp memcached version #{version}")
51
      report_service(
52
        host: shost,
53
        proto: 'udp',
54
        port: rport,
55
        info: version,
56
        name: 'memcached'
57
      )
58
    end
59
  end
60
end
61

62