#Memcrashed, It’s Bad Folks

Posted by Lunar on February 28, 2018
Posted in: Uncategorized.

Source: blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/

Want to scan your network?

[code language=”bash”]
# Get the memcached nmap script – https://nmap.org/nsedoc/scripts/memcached-info.html

# Nmap network for open memcached ports (example, replace with your range)
sudo nmap 127.0.0.1/18 -p 11211 -sU -sS –script memcached-info >> memcrashed.log

# Sort nmap log and find IPs that are actually vuln
cat memcrashed.log | grep -B 16 Authentication | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" >> sorted_memcrashed.log

# Can verify with this one liner
cat sorted_memcrashed.log | while read a; do echo -en "\x00\x00\x00\x00\x00\x01\x00\x00stats\r\n" | nc -q1 -u $a 11211 ; done
[/code]