DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API
Switch branches/tags
Nothing to show
Clone or download
649 Version 4.0
New feature:
- New memory injection technique with "set" and "get" memcache commands
- Payload now is automatically converted into TWO synchronized payloads,
one is set (allows you to write data onto the affected server), the
other is get (allows you to retrieve the stored data but sent TO the
target specified)

Issues:

I've discovered that the Scapy module could be a little faulty. Tests
were conducted and the memcache server you initially send forged packets
to do not even receive the data. This could be a firewall issue but also
a scapy issue.

*If someone can test and see if a memcache server can receive the data
on the specified port 11211 by checking via "get injected", please open
an issue and relay your results. Also feel free to fix any errors I
might have made in this version. I'll be more than happy to merge your
fixes.
Latest commit caeeef0 Apr 5, 2018

README.md

MEMCRASHED DDOS EXPLOIT TOOL

This tool allows you to send forged UDP packets to Memcached servers obtained from Shodan.io

Prerequisites

The only thing you need installed is Python 3.x

apt-get install python3

You also require to have Scapy and Shodan modules installed

pip install scapy
pip install shodan

Using Shodan API

This tool requires you to own an upgraded Shodan API

You may obtain one for free in Shodan if you sign up using a .edu email

alt text alt text alt text alt text

Using Docker

Demo

You may deploy this tool to the cloud using a light Alpine Docker image.

Note: Make sure to explicitly enter 'y' or 'n' to the interactive prompt

git clone https://github.com/649/Memcrashed-DDoS-Exploit.git
cd Memcrashed-DDoS-Exploit
echo "SHODAN_KEY" > api.txt
docker build -t memcrashed .
docker run -it memcrashed