Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding Cable Haunt WebSocket DoS Module #12818

Merged
merged 5 commits into from
Mar 31, 2020
Merged

Adding Cable Haunt WebSocket DoS Module #12818

merged 5 commits into from
Mar 31, 2020

Conversation

nstarke
Copy link
Contributor

@nstarke nstarke commented Jan 13, 2020

This module exploits a vulnerability in Sagecom
Cable Modems from a variety of manufacturers. Since
the firmware for vulnerable modems will vary based
on Make, Model, and ISP, this module can only be
used to verify the presence of the vulnerability,
and not actually return a shell. Successful
exploitation will most likely disrupt all upstream
services. Module documentation is included in this
commit.

Please refer to module documentation for further information.

Addresses #12817

@nstarke
Adding Cable Haunt WebSocket DoS Module
8593f68 
This module exploits a vulnerability in Sagecom
Cable Modems from a variety of manufacturers. Since
the firmware for vulnerable modems will vary based
on Make, Model, and ISP, this module can only be
used to verify the presence of the vulnerability,
and not actually return a shell. Successful
exploitation will most likely disrupt all upstream
services. Module documentation is included in this
commit.
@nstarke
Copy link
Contributor Author

nstarke commented Jan 13, 2020

I have no idea why this failed, can I get an assist?

@jmartin-tech
Copy link
Contributor

@msjenkins-r7 test this please.

@nstarke nstarke mentioned this pull request Jan 17, 2020
Closed
@nstarke
Copy link
Contributor Author

nstarke commented Jan 22, 2020

Hello, just checking in to see if I can get a review on this module? thanks.

@nstarke
Copy link
Contributor Author

nstarke commented Mar 27, 2020

Just wanted to check in on this, while I'm in 'msf' mode. Can I get a review on this? Thanks!

@nstarke
Copy link
Contributor Author

nstarke commented Mar 27, 2020

I have emailed a PCAP of this to msfdev@metasploit.com in an effort to facilitate progress on this PR.

@wvu wvu self-assigned this Mar 31, 2020
@wvu wvu mentioned this pull request Mar 31, 2020
Merged
@wvu
Copy link
Contributor

wvu commented Mar 31, 2020

@nstarke: Please review, merge, and retest nstarke#5. Thank you.

@nstarke
Copy link
Contributor Author

nstarke commented Mar 31, 2020

Completed. Thanks for your help.

@wvu
Copy link
Contributor

wvu commented Mar 31, 2020

Thank you for the quick response! I'll be able to get this landed shortly. :)

@wvu wvu merged commit 23bc62d into rapid7:master Mar 31, 2020
@wvu
Copy link
Contributor

wvu commented Mar 31, 2020

Release Notes

This adds a WebSocket DoS module for the "Cable Haunt" vulnerability in certain cable modems.

@tperry-r7 tperry-r7 added the rn-modules release notes for new or majorly enhanced modules label Apr 15, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@wvu wvu

Labels
docs module rn-modules release notes for new or majorly enhanced modules
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@nstarke @jmartin-tech @wvu @bcoles @tperry-r7