11/09/2023

DNS Remote Code Execution: Writing the Exploit πŸ’£ (Part 2)

Previously, we showed you how we found a vulnerability in a DNS parser exposed through a router's Wide Area Network (WAN) connection.

Today, we will dive deep into it, and work around its limitations to build a surprisingly complex exploit. So buckle up, and join us on an epic journey to get that sweet remote root shell!

In this video, we will continue our journey into exploiting CVE-2020-10881, which we abused in the Pwn2Own Tokyo 2019 hacking competition to win $20,000 :-)

Next

DNS Remote Code Execution: Finding the Vulnerability πŸ‘Ύ (Part 1)