metasploit-gs/documentation/modules/auxiliary/dos/http/ws_dos.md

## Vulnerable Application
ws < 1.1.5 || (2.0.0 , 3.3.1)
https://nodesecurity.io/advisories/550

## Vulnerable Analysis
This module exploits a Denial of Service vulnerability in npm module "ws".
By sending a specially crafted value of the Sec-WebSocket-Extensions header 
on the initial WebSocket upgrade request, the ws component will crash.

## Verification Steps
1. Start the vulnerable server using the sample server code below `node server.js`
2. Start `msfconsole`
3. `use auxiliary/dos/http/ws_dos`
4. `set RHOST <IP>`
5. `run`
6. The server should crash

## Options
None.

## Scenarios

## Server output from crash
```
/Users/sonatype/Downloads/node_modules/ws/lib/Extensions.js:40
    paramsList.push(parsedParams);
               ^

TypeError: paramsList.push is not a function
    at value.split.forEach (/Users/sonatype/Downloads/node_modules/ws/lib/Extensions.js:40:16)
    at Array.forEach (<anonymous>)
    at Object.parse (/Users/sonatype/Downloads/node_modules/ws/lib/Extensions.js:15:20)
    at WebSocketServer.completeUpgrade (/Users/sonatype/Downloads/node_modules/ws/lib/WebSocketServer.js:230:30)
    at WebSocketServer.handleUpgrade (/Users/sonatype/Downloads/node_modules/ws/lib/WebSocketServer.js:197:10)
    at Server.WebSocketServer._ultron.on (/Users/sonatype/Downloads/node_modules/ws/lib/WebSocketServer.js:87:14)
    at emitThree (events.js:136:13)
    at Server.emit (events.js:217:7)
    at onParserExecuteCommon (_http_server.js:495:14)
    at onParserExecute (_http_server.js:450:3)
```

## Sample server
```
const WebSocket = require('ws');
const wss = new WebSocket.Server(
{ port: 3000 }
);
wss.on('connection', function connection(ws) {
console.log('connected');
ws.on('message', function incoming(message)
{ console.log('received: %s', message); }
);
ws.on('error', function (err)
{ console.error(err); }
);
});
```