Mirror of metasploit
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

drdos.rb 1.6KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667
  1. # -*- coding: binary -*-
  2. module Msf
  3. ###
  4. #
  5. # This module provides methods for Distributed Reflective Denial of Service (DRDoS) attacks
  6. #
  7. ###
  8. module Auxiliary::DRDoS
  9. def initialize(info = {})
  10. super
  11. register_advanced_options(
  12. [
  13. OptAddress.new('SRCIP', [false, 'Use this source IP']),
  14. OptInt.new('NUM_REQUESTS', [false, 'Number of requests to send', 1]),
  15. ], self.class)
  16. end
  17. def setup
  18. super
  19. if spoofed? && datastore['NUM_REQUESTS'] < 1
  20. raise Msf::OptionValidateError.new(['NUM_REQUESTS']), 'The number of requests must be >= 1'
  21. end
  22. end
  23. def prove_amplification(response_map)
  24. vulnerable = false
  25. proofs = []
  26. response_map.each do |request, responses|
  27. responses ||= []
  28. this_proof = ''
  29. # compute packet amplification
  30. if responses.size > 1
  31. vulnerable = true
  32. this_proof += "#{responses.size}x packet amplification"
  33. else
  34. this_proof += 'No packet amplification'
  35. end
  36. this_proof += ' and '
  37. # compute bandwidth amplification
  38. total_size = responses.map(&:size).reduce(:+)
  39. bandwidth_amplification = total_size - request.size
  40. if bandwidth_amplification > 0
  41. vulnerable = true
  42. multiplier = total_size / request.size
  43. this_proof += "a #{multiplier}x, #{bandwidth_amplification}-byte bandwidth amplification"
  44. else
  45. this_proof += 'no bandwidth amplification'
  46. end
  47. # TODO (maybe): show the request and responses in more detail?
  48. proofs << this_proof
  49. end
  50. [ vulnerable, proofs.join(', ') ]
  51. end
  52. def spoofed?
  53. !datastore['SRCIP'].nil?
  54. end
  55. end
  56. end