Nday--CVE-2020-16898 (TCP/IP remote code execution vulnerability)

CVE-2020-16898 TCP/IP remote code execution vulnerability

PoC and exploit: https://github.com/XTaiQue/CVE-2020-16898--EXP-POC

 

Complete study: https://www.freebuf.com/articles/system/252263.html

 

The following is my reproduction process:

I will not repeat the steps that others have already described. Instead I pick out a few situations you may run into and explain them.

Pitfalls:

You may get an error message with the Python installation: the cause is that the scapy module is not installed, or something else. Running from cmd may also produce no result output at all; in that case reinstall a newer version of Python or use Spyder from Anaconda.

 

 

In addition, when modifying the script, pay attention to the requirements stated in the downloaded PoC and exploit, and distinguish between the IPv6 address, the temporary IPv6 address, and the link-local IPv6 address. The meaning and requirements of these three:

The IPv6 address is fixed and easy to understand.

The temporary IPv6 address is an IPv6 address that is randomly regenerated at intervals and used to communicate with the outside world, which protects the real fixed address.

Link-local IPv6 address: an IPv6 link is equivalent to the hosts connected to one Layer 2 switch in an enterprise network. More precisely, a link is a single broadcast domain. From an IPv4 perspective, an IPv6 link can be understood as the hosts in the same subnet. IPv6 link-local addresses can therefore only be used within the local IPv6 link. For example, IPv6 hosts on link A and on link B use link-local addresses to communicate on their own links, but link-local addresses cannot be used for communication between link A and link B.
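The three address categories above can be told apart only partly from the address itself. The following is an added example, not part of the original post or of the downloaded PoC; `classify` and `usable` are hypothetical helper names, and the sample addresses are constructed from the 2001:db8::/32 documentation prefix.

```python
import ipaddress

# Well-known IPv6 prefixes (RFC 4291, RFC 4193).
LINK_LOCAL = ipaddress.ip_network("fe80::/10")
UNIQUE_LOCAL = ipaddress.ip_network("fc00::/7")
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

# Constructed sample addresses (documentation prefix, made-up interface IDs).
SAMPLES = [
    "2001:db8:1:2:211:22ff:fe33:4455",   # global, MAC-derived suffix
    "2001:db8:1:2:5c9e:71a4:9b03:d2f8",  # global, random-looking suffix
    "fe80::211:22ff:fe33:4455%12",       # link-local with zone (interface) index
]


def classify(addr):
    """Return scope, zone and interface-ID style for one IPv6 address string."""
    host, _, zone = addr.partition("%")  # "fe80::1%12" -> zone "12"
    ip = ipaddress.IPv6Address(host)
    if ip in LINK_LOCAL:
        scope = "link-local"
    elif ip in UNIQUE_LOCAL:
        scope = "unique-local"
    elif ip in GLOBAL_UNICAST:
        scope = "global"
    else:
        scope = "other"
    iid = int(ip) & 0xFFFFFFFFFFFFFFFF  # low 64 bits = interface identifier
    # Modified EUI-64 identifiers carry ff:fe in the middle two bytes.
    eui64 = ((iid >> 24) & 0xFFFF) == 0xFFFE
    # A random-looking suffix can be a temporary address or a randomized fixed
    # one; the bits alone cannot say which, only the host's address table can.
    return {"scope": scope, "zone": zone or None,
            "iid": "eui64-stable" if eui64 else "random-or-manual"}


def usable(target, same_link):
    """Link-local targets need the same link and a zone; routed scopes do not."""
    info = classify(target)
    if info["scope"] == "link-local":
        return same_link and info["zone"] is not None
    return info["scope"] in ("global", "unique-local")


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, classify(sample), usable(sample, same_link=False))
```

Whether a random-looking global address is the fixed or the temporary one has to be read from the host's own interface listing.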

Success:

The virtual machine shows a blue screen.

The target's IPv6 address can be obtained through means such as information leakage. It is assigned automatically by default, but the router has to cooperate; otherwise there is no IPv6 address and no temporary IPv6 address. The exp2 downloaded above did not work (reason unknown).

 

To be continued

 


Origin blog.csdn.net/Vdieoo/article/details/109738880