Comments (7)
more info on your configuration?
from sigred_rce_poc.
i have a domain toward my server ip and also i have added wildcard subdomains.
reverse shell is configured and works fine fine, i had tested it manually
from sigred_rce_poc.
can't really say without more info. if you can rerun everything and provide a packet capture would be helpful.
from sigred_rce_poc.
i got no packet from my vulnerable server, nothing
even if i run 'nslookup -type=sig 9.mydomain' manually i get nothing
and last packet i sent was 9.dz.[mydomain] dns sig query
i run this exploit over internet and it really takes too much time, about 1 hour
does it matter?
from sigred_rce_poc.
no, it shouldn't take that long. what it sounds like is that your nameserver configuration is incorrect so every request is timing out. you will see that if you set this up on a local VM network and set up domain forwarding everything works.
from sigred_rce_poc.
I tested out using a custom name server and I think I understand your problem. Please refer to the updated readme that addresses the case of running the exploit over real internet and pull down the updates and try again
thanks for reporting your issue
from sigred_rce_poc.
thank you some such
really, thank you!
from sigred_rce_poc.
Related Issues (14)
- Errors HOT 5
- can't reproduce this exploit in a public network environment HOT 1
- exploit.py [ struct.error: unpack requires a buffer of 8 bytes] HOT 4
- unpack requires a buffer of 8 bytes HOT 4
- Setting up over public network HOT 3
- Getting a crash HOT 5
- Could not Find msvcrt Offset HOT 3
- IndexError: list index out of range
- cannot import system_arg from payload HOT 1
- Potential security issue
- List Index Out of range HOT 1
- Which build version did you use?
- Could not find dns offsets HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sigred_rce_poc.