All posts for the month February, 2018


Want to scan your network? Get the memcached nmap script.

Nmap the network for open memcached ports (example, replace with your range).

sudo nmap -p 11211 -sU -sS --script memcached-info >> memcrashed.log

Sort nmap log and find IPs that are actually vuln.

cat memcrashed.log | grep -B 16 Authentication | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" >> sorted_memcrashed.log

You can verify with this one liner.

cat sorted_memcrashed.log | while read a; do echo -en "\x00\x00\x00\x00\x00\x01\x00\x00stats\r\n" | nc -q1 -u $a 11211 ; done