Rule History

SID: 10002975 • Source: ptrules/open

Versions (6)

Version Details (Current)

Rev: 1 • Jul 24, 2025, 5:44 PM

ATTACK [PTsecurity] DHCP Client Script WPAD option Exploit (CVE-2018-1111)

alert udp any 67 -> any 68 (msg:"ATTACK [PTsecurity] DHCP Client Script WPAD option Exploit (CVE-2018-1111)"; content:"|63 82 53 63|"; fast_pattern; content:"|FC|"; distance:0; byte_extract:1, 0, length, relative; content:"'"; within:length; pcre:"/^[\x20-\x7E]+(sh|nc|wget|curl|echo|cat|id|uname)/Ri"; reference:cve, 2018-1111; reference:url, dynoroot.ninja; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10002975; rev:1;)

Jul 24, 2025, 5:44 PM

Jul 24, 2025, 5:44 PM

Oct 16, 2025, 10:34 AM

Oct 16, 2025, 10:34 AM

rules/ptopen-attacks.rules