In previous chapters, we learned to use Metasploit in a variety of attack scenarios. In this recipe, we will focus on Denial-of-Service (DoS) attacks. DoS attacks focus on making resources unavailable for the purpose for which they were designed. DoS modules help penetration testers in attack services figure out if clients are susceptible to such attacks. So let's discuss some of these modules in detail.
In this recipe, we will focus on two of the most commonly attacked protocols, HTTP and SMB.
We will start by having a look at the MS15-034 HTTP Protocol Stack Request Handling Denial-of-Service auxiliary module. This module checks if hosts are vulnerable to CVE-2015-1635 (MS15-034), a vulnerability in the HTTP protocol stack (HTTP.sys
) that could result in arbitrary code execution.
- To use the module, set the target IP address of the Metasploitable 3 target machine and run it:
msf > use auxiliary/dos/http/ms15_034_ulonglongadd msf auxiliary(dos/http/ms15_034_ulonglongadd...