Denial Of Service attacks with Metasploit

A denial-of-service attack (DoS) is an attempt to make a machine or network resource unavailable to its intended users.

Apache HTTP Server
Apache httpd has been the most popular web server on the Internet since April 1996. It consists of thousand of lines of code and a vast variety of modules and extensions. Therefore, vulnerabilities couldn’t be missing. Apache extension, mod_isapi implements the Internet Server extension API. It allows Internet Server extensions to be served by Apache for Windows. Metasploit module apache_mod_isapi triggers a vulnerability in the Apache mod_isapi extension. In order to trigger this vulnerability, the target server must have an ISAPI module installed and configured. By making a request that terminates abnormally, mod_isapi will unload the ISAPI extension. Later, if another request comes for that ISAPI module, previously obtained pointers will be used resulting in an access violation or potentially arbitrary code execution. To use this module type,

use auxiliary/dos/http/apache_mod_isapi

Type

show options

to view a list of available options. After you have set the options, run the module.

FileZilla FTP Server
FileZilla is an open source FTP client and server software, distributed free of charge under the terms of the GNU General Public License. It is a very popular software. Under Windows, FileZilla is commonly used as a Server. Metasploit is offering two auxiliary modules to perform dos attacks against Windows with FileZilla Server installed.

filezilla_admin_user triggers a Denial of Service condition in the FileZilla FTP Server Administration Interface in versions 0.9.4d and earlier. To select it type

use auxiliary/dos/windows/ftp/filezilla_admin_user

filezilla_server_port triggers a Denial of Service condition in the FileZilla FTP Server versions 0.9.21
and earlier. To select it type

use auxiliary/dos/windows/ftp/filezilla_server_port

 
This post is part of my article about metasploit which was originally published in PenTest Magazine, August issue.

%d bloggers like this: