Module: Msf::Auxiliary::DRDoS

Defined in:
lib/msf/core/auxiliary/drdos.rb

Overview

This module provides methods for Distributed Reflective Denial of Service (DRDoS) attacks

Instance Method Summary collapse

Instance Method Details

#initialize(info = {}) ⇒ Object


11
12
13
14
15
16
17
18
# File 'lib/msf/core/auxiliary/drdos.rb', line 11

def initialize(info = {})
  super
  register_advanced_options(
    [
      OptAddress.new('SRCIP', [false, 'Use this source IP']),
      OptInt.new('NUM_REQUESTS', [false, 'Number of requests to send', 1]),
    ], self.class)
end

#prove_amplification(response_map) ⇒ Object


27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
# File 'lib/msf/core/auxiliary/drdos.rb', line 27

def prove_amplification(response_map)
  vulnerable = false
  proofs = []
  response_map.each do |request, responses|
    responses ||= []
    this_proof = ''

    # compute packet amplification
    if responses.size > 1
      vulnerable = true
      this_proof += "#{responses.size}x packet amplification"
    else
      this_proof += 'No packet amplification'
    end

    this_proof += ' and '

    # compute bandwidth amplification
    total_size = responses.map(&:size).reduce(:+)
    bandwidth_amplification = total_size - request.size
    if bandwidth_amplification > 0
      vulnerable = true
      if request.size == 0
        multiplier = total_size
      else
        multiplier = total_size / request.size
      end
      this_proof += "a #{multiplier}x, #{bandwidth_amplification}-byte bandwidth amplification"
    else
      this_proof += 'no bandwidth amplification'
    end

    # TODO (maybe): show the request and responses in more detail?
    proofs << this_proof
  end

  [ vulnerable, proofs.join(', ') ]
end

#setupObject


20
21
22
23
24
25
# File 'lib/msf/core/auxiliary/drdos.rb', line 20

def setup
  super
  if spoofed? && datastore['NUM_REQUESTS'] < 1
    raise Msf::OptionValidateError.new(['NUM_REQUESTS - The number of requests must be >= 1'])
  end
end

#spoofed?Boolean

Returns:

  • (Boolean)

66
67
68
# File 'lib/msf/core/auxiliary/drdos.rb', line 66

def spoofed?
  !datastore['SRCIP'].nil?
end