ATTACK [PTsecurity] DHCP Client Script WPAD option Exploit (CVE-2018-1111)

SID: 10002975Rev: 10 views

Sourceptresearch/attackdetection

CreatedDecember 13, 2021

UpdatedDecember 13, 2021

Classificationattempted-admin

alert udp any 67 -> $HOME_NET 68 (msg:"ATTACK [PTsecurity] DHCP Client Script WPAD option Exploit (CVE-2018-1111)"; content:"|63 82 53 63|"; fast_pattern; content:"|FC|"; distance:0; byte_extract:1, 0, length, relative; content:"'"; within:length; pcre:"/^[\x20-\x7E]+(sh|nc|wget|curl|echo|cat|id|uname)/Ri"; reference:cve, 2018-1111; reference:url, dynoroot.ninja; classtype:attempted-admin; reference:url, github.com/ptresearch/AttackDetection; sid:10002975; rev:1;)

References

cve	2018-1111
url	dynoroot.ninja
url	github.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!