CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/auxiliary/scanner/memcached/memcached_udp_version.rb
Views: 1904
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Auxiliary

7
  include Msf::Auxiliary::Report

8
  include Msf::Exploit::Capture

9
  include Msf::Auxiliary::UDPScanner

10


11
  def initialize

12
    super(

13
      'Name'        => 'Memcached UDP Version Scanner',

14
      'Description' => %q(

15
          This module can be used to discover Memcached servers which expose the

16
          unrestricted UDP port 11211. A basic "version" request is executed to obtain

17
          the version of memcached.

18
      ),

19
      'Author'      =>

20
        [

21
          'Jon Hart <[email protected]>' # Metasploit scanner module

22
        ],

23
      'License'     => MSF_LICENSE,

24
      'DisclosureDate' => 'Jul 23 2003',

25
      'References' =>

26
          [

27
            ['URL', 'https://github.com/memcached/memcached/blob/master/doc/protocol.txt']

28
          ]

29
    )

30


31
    register_options(

32
      [

33
        Opt::RPORT(11211)

34
      ]

35
    )

36
  end

37


38
  def build_probe

39
    # Memcached version probe, per https://github.com/memcached/memcached/blob/master/doc/protocol.txt

40
    @memcached_probe ||= [

41
      rand(2**16), # random request ID

42
      0, # sequence number

43
      1, # number of datagrams in this sequence

44
      0, # reserved; must be 0

45
      "version\r\n"

46
    ].pack("nnnna*")

47
  end

48


49
  def scanner_process(data, shost, sport)

50
    # Check the response data for a "VERSION" response

51
    if /VERSION (?<version>[\d\.]+)\r\n/ =~ data

52
      print_good("#{shost}:#{sport}/udp memcached version #{version}")

53
      report_service(

54
        host: shost,

55
        proto: 'udp',

56
        port: rport,

57
        info: version,

58
        name: 'memcached'

59
      )

60
    end

61
  end

62
end

63


64