• Blog
  • Sites & Projects
  • About Me
  • Contact Me

#Memcrashed, It’s Bad Folks

Posted by Lunar on February 28, 2018
Posted in: Infosec, SysAdmin, Tech.

Source: blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/

Want to scan your network? Get the memcached nmap script.

https://nmap.org/nsedoc/scripts/memcached-info.html

Nmap the network for open memcached ports (example, replace with your range).

sudo nmap 127.0.0.1/18 -p 11211 -sU -sS --script memcached-info >> memcrashed.log

Sort nmap log and find IPs that are actually vuln.

cat memcrashed.log | grep -B 16 Authentication | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" >> sorted_memcrashed.log

You can verify with this one liner.

cat sorted_memcrashed.log | while read a; do echo -en "\x00\x00\x00\x00\x00\x01\x00\x00stats\r\n" | nc -q1 -u $a 11211 ; done

Posts navigation

← How To Use Dehydrated & Lexicon To Issue A Let’s Encrypt Certificate Via TXT Record Validation
The Stigma of Not Having A Degree →
  • Recent Posts

    • The Chinese government is making 1984 and Black Mirror a reality
    • A dive into the world of nootropics, supplements and mental disorders
    • The world needs more ethical companies
    • The Stigma of Not Having A Degree
    • #Memcrashed, It’s Bad Folks
  • Categories

    • Infosec
    • Journey
    • Opinion
    • Paranormal
    • Politics
    • Privacy
    • Projects
    • Psych
    • Stories
    • SysAdmin
    • Tech
    • Tutorials
  • Archives

    • February 2020
    • January 2020
    • December 2019
    • December 2018
    • February 2018
    • December 2017
    • September 2017
    • December 2016
    • July 2016
    • February 2016
    • September 2015
    • August 2015
    • July 2015
    • March 2015
Hosted on the moon.