Add Memcached amplification scanner #9644

Merged
merged 9 commits into from Mar 5, 2018

xistence commented Feb 28, 2018

This module will scan Memcached instances for UDP amplification possibilities using a "stats" request packet.

All details for reproducing and testing are in the provided documentation.

xistence and others added some commits Feb 28, 2018

Merge pull request #1 from jhart-r7/pr/fixup-9643
Use drdos mixin for memcached amp module

@jhart-r7 jhart-r7 changed the title Feature/memcached amp Add Memcached amplification scanner Feb 28, 2018

jhart-r7 left a comment

There is some simplification that can happen in the module to leverage UDPScanner.

Also, module documentation.

])
end

def rport

jhart-r7 Mar 1, 2018

This is already present in UDPScanner. Remove.

@memcached_probe = "\x00\x00\x00\x00\x00\x01\x00\x00stats\r\n"
end

def scanner_prescan(batch)
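
Review bot: The string literal assigned to `@memcached_probe` carries no comment explaining its first eight bytes. They are the memcached UDP frame header (request ID 0, sequence number 0, total datagrams 1, reserved 0), followed by the ASCII command `stats\r\n`; a one-line comment naming those four fields would make the literal reviewable without a trip to the protocol documentation.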

jhart-r7 Mar 1, 2018

This largely already exists in UDPScanner. Remove.

@results = {}
end

def scan_host(ip)

jhart-r7 Mar 1, 2018

If you define build_probe, this method can go away as it duplicates what is already in UDPScanner

@jhart-r7 jhart-r7 self-assigned this Mar 1, 2018

jhart-r7 commented Mar 1, 2018

I've submitted a PR to fix the UDPScanner duplication as xistence#2. Now for some docs.


def scanner_process(data, shost, sport)
# Check the response data for a "STAT" repsonse
if data =~/\x00\x00\x00\x00\x00\x01\x00\x00STAT\x20/
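
Review bot: The pattern on the `if data =~` line is unanchored, so the eight header bytes followed by `STAT ` can match at any offset in the datagram rather than only at its start. Anchor it with `\A` so that only a datagram beginning with the frame header counts as a hit. The comment on the line above also misspells "response" as "repsonse".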

jhart-r7 Mar 2, 2018

This will miss multi-packet responses. Will PR a fix.
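
The multi-packet case raised in the comment above, as an added example that is not code from this PR or from the Metasploit module: it parses the memcached UDP frame header, reassembles a reply spread over several datagrams, and reports the reply size relative to the probe, which is useful when auditing captures from your own servers. The names `parse_frame`, `summarize_response` and `build_datagram` are hypothetical, and the sample datagrams are constructed.

```ruby
# Added example, not the module's code. Names below are hypothetical.
PROBE = "\x00\x00\x00\x00\x00\x01\x00\x00stats\r\n".b # probe bytes quoted in the PR

Frame = Struct.new(:request_id, :seq, :total, :payload)

# Memcached UDP frame header: request ID, sequence number, total datagrams,
# reserved (must be 0); four 16-bit big-endian integers, then the payload.
def parse_frame(datagram)
  return nil if datagram.nil? || datagram.bytesize < 8
  request_id, seq, total, reserved = datagram.unpack('n4')
  return nil if total.zero? || seq >= total || reserved != 0
  Frame.new(request_id, seq, total, datagram.byteslice(8..-1))
end

# Reassemble every datagram answering one request ID and measure the reply.
# Returns nil when no datagram carries a valid header for that request ID.
def summarize_response(datagrams, request_id: 0, probe: PROBE)
  frames = datagrams.map { |d| parse_frame(d.to_s.b) }.compact
  frames.select! { |f| f.request_id == request_id }
  return nil if frames.empty?
  total = frames.first.total
  by_seq = {}
  frames.each { |f| by_seq[f.seq] ||= f if f.total == total } # drop duplicates
  body = by_seq.keys.sort.map { |s| by_seq[s].payload }.join
  received = by_seq.values.sum { |f| f.payload.bytesize + 8 }
  {
    stats_reply: body.start_with?('STAT '),
    complete: by_seq.size == total, # false if a datagram was lost
    datagrams: by_seq.size,
    bytes: received,
    amplification: (received.to_f / probe.bytesize).round(2)
  }
end

# Constructed sample: one reply split over two datagrams, arriving out of order.
def build_datagram(seq, total, payload)
  [0, seq, total, 0].pack('n4') + payload
end

SAMPLE = [
  build_datagram(1, 2, "STAT uptime 1234\r\nEND\r\n"),
  build_datagram(0, 2, "STAT pid 4242\r\n")
].freeze

p summarize_response(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

Neither sample datagram matches the single-datagram pattern quoted in the review, because both carry a total-datagrams field of 2.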

jhart-r7 added some commits Mar 2, 2018

jhart-r7 commented Mar 2, 2018

@xistence I've submitted xistence#2 to fix the various issues I've pointed out.

@jhart-r7 jhart-r7 removed the needs-docs label Mar 2, 2018

jhart-r7 added some commits Mar 4, 2018

jhart-r7 commented Mar 4, 2018

@xistence when you get a chance, please take a look at xistence#2 -- I believe that will address all concerns raised so far. Thanks for your contribution!

Merge pull request #2 from jhart-r7/pr/fixup-9644
Simplify memcached amplification scanner to use UDPScanner for most of the work

xistence commented Mar 5, 2018

@jhart-r7 verified all the changes and still works perfectly :)
Thanks for all the help and suggestions!

@jhart-r7 jhart-r7 merged commit 86677b8 into rapid7:master Mar 5, 2018

2 checks passed

Metasploit Automation - Sanity Test Execution Successfully ran sanity checks.
continuous-integration/travis-ci/pr The Travis CI build passed

jhart-r7 added a commit that referenced this pull request Mar 5, 2018

jhart-r7 commented Mar 5, 2018

Landed. Thanks again @xistence.

msjenkins-r7 added a commit that referenced this pull request Mar 5, 2018

tdoan-r7 commented Mar 14, 2018

Release Notes

The auxiliary/scanner/memcached/memcached_amp module has been added to the framework. It scans Memcached instances for UDP amplification possibilities using a "stats" request packet.
