DNS Remote Code Execution: Finding the Vulnerability 👾 (Part 1)



Learn tricks and techniques like these, with us, on our embedded device hacking training!
https://flashback.sh/training

In 2019 and 2020, we DOMINATED the router Wide Area Network or WAN category in the Pwn2Own hacker competition. In this category, hackers attack network devices with previously unknown vulnerabilities, from external networks such as the Internet.

Unfortunately, by 2021 our competitors had reverse engineered our techniques, and the game was up.

Today, we are starting a video series where we will show you our tips, tricks and techniques to find and exploit WAN vulnerabilities in network devices. And we’re starting with a beautiful DNS exploit that got us $20,000 in prizes.

Let’s get ready to PWN!

In this video, we will tell you the story of how we found CVE-2020-10881 in the Pwn2Own Tokyo 2019 hacking competition and present our Game Plan for exploiting it 🙂

00:00 – Intro
00:50 – WAN vs LAN
03:12 – Target Introduction and Recon
05:23 – Finding an Open Port and Fuzzing It
07:48 – Quick Look in Ghidra for Crash Investigation
10:38 – What is conn-indicator Doing?
12:30 – DNS Protocol
17:50 – A Deeper Look in Ghidra
20:33 – DNS Packet Parsing and the Vulnerability
24:51 – Radek’s Evil Game Plan
28:03 – Our Training

Did you enjoy this video? Then follow us on Twitter, and subscribe to our channel for more awesome hacking videos.

~ Flashback Team
https://flashback.sh
https://twitter.com/FlashbackPwn

Background track: “Hackers” by Karl Casey @WhiteBatAudio