Skip to content

Commit 668585a

Browse files
rknellxrknellx
committed
Adding documentation
Adding module documentation for ws_dos.
1 parent c992837 commit 668585a

File tree

1 file changed

+61
-0
lines changed
  • documentation/modules/auxiliary/dos/http

1 file changed

+61
-0
lines changed

documentation/modules/auxiliary/dos/http/ws_dos.md

Lines changed: 61 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,61 @@
1+
## Vulnerable Application
2+
3+
[ws < 1.1.5 || (2.0.0 , 3.3.1)]
4+
(https://nodesecurity.io/advisories/550)
5+
6+
## Vulnerable Analysis
7+
8+
This module exploits a Denial of Service vulnerability in npm module "ws".
9+
By sending a specially crafted value of the Sec-WebSocket-Extensions header
10+
on the initial WebSocket upgrade request, the ws component will crash.
11+
12+
## Verification Steps
13+
14+
1. Start the vulnerable server using the sample server code below `node server.js`
15+
2. Start `msfconsole`
16+
3. `use auxiliary/dos/http/ws_dos`
17+
4. `set RHOST XXX.XXX.XXX.XXX`
18+
5. `run`
19+
6. The server should crash
20+
21+
## Options
22+
23+
None.
24+
25+
## Scenarios
26+
27+
## Server output from crash
28+
```
29+
/Users/sonatype/Downloads/node_modules/ws/lib/Extensions.js:40
30+
paramsList.push(parsedParams);
31+
^
32+
33+
TypeError: paramsList.push is not a function
34+
at value.split.forEach (/Users/sonatype/Downloads/node_modules/ws/lib/Extensions.js:40:16)
35+
at Array.forEach (<anonymous>)
36+
at Object.parse (/Users/sonatype/Downloads/node_modules/ws/lib/Extensions.js:15:20)
37+
at WebSocketServer.completeUpgrade (/Users/sonatype/Downloads/node_modules/ws/lib/WebSocketServer.js:230:30)
38+
at WebSocketServer.handleUpgrade (/Users/sonatype/Downloads/node_modules/ws/lib/WebSocketServer.js:197:10)
39+
at Server.WebSocketServer._ultron.on (/Users/sonatype/Downloads/node_modules/ws/lib/WebSocketServer.js:87:14)
40+
at emitThree (events.js:136:13)
41+
at Server.emit (events.js:217:7)
42+
at onParserExecuteCommon (_http_server.js:495:14)
43+
at onParserExecute (_http_server.js:450:3)
44+
```
45+
46+
## Sample server
47+
```
48+
const WebSocket = require('ws');
49+
const wss = new WebSocket.Server(
50+
{ port: 3000 }
51+
);
52+
wss.on('connection', function connection(ws) {
53+
console.log('connected');
54+
ws.on('message', function incoming(message)
55+
{ console.log('received: %s', message); }
56+
);
57+
ws.on('error', function (err)
58+
{ console.error(err); }
59+
);
60+
});
61+
```

0 commit comments

Comments
 (0)