CoCalc -- memcached_udp

GitHub Repository: rapid7/metasploit-framework
Path: blob/master/documentation/modules/auxiliary/scanner/memcached/memcached_udp_version.md
²¹⁶⁶⁰ views

Vulnerable Application

Any instance of memcached with the UDP listener enabled will suffice.

Instructions for testing against CentOS 7 and a Dockerized endpoint are provided below.

CentOS 7

To a CentOS 7 instance, simply install and start memcached, as it listens on 0.0.0.0 by default'

yum -y install memcached
systemctl start memcached

Docker Install

In memcached 1.5.5 and earlier, the daemon is affected by default. As such, we can use the community supported memcached container and simply expose it:

docker run -ti --rm -p 11211:11211/udp memcached:1.5.5

Verification Steps

Install the application
Start msfconsole
Do: use auxiliary/scanner/memcached/memcached_udp_version
Do: set rhosts [IPs]
Do: run
Confirm that the endpoint is discovered to be running memcached and the version is displayed

Scenarios

CentOS 7

Configure memcached as described above.

msf > use auxiliary/scanner/memcached/memcached_udp_version
msf auxiliary(scanner/memcached/memcached_udp_version) > set RHOSTS a.b.c.d
RHOSTS => a.b.c.d
msf auxiliary(scanner/memcached/memcached_udp_version) > run

[+] a.b.c.d:11211/udp memcached version 1.4.15
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Docker

Configure memcached in docker as described above.

msf > use auxiliary/scanner/memcached/memcached_udp_version
msf auxiliary(scanner/memcached/memcached_udp_version) > set RHOSTS a.b.c.d
RHOSTS => a.b.c.d
msf auxiliary(scanner/memcached/memcached_udp_version) > run

[+] a.b.c.d:11211/udp memcached version 1.5.5
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Vulnerable Application

CentOS 7

Docker Install

Verification Steps

Scenarios

CentOS 7

Docker

Product

Resources

Company