Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-1350 PoC — Microsoft Windows DNS Server 输入验证错误漏洞

Source
https://github.com/zoomerxsec/Fake_CVE-2020-1350
Associated Vulnerability
Title:Microsoft Windows DNS Server 输入验证错误漏洞 (CVE-2020-1350)
Description:A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.
Description
Fake exploit tool, designed to rickroll users attempting to actually exploit.
Readme
# Fake_CVE-2020-1350
This is the source code for a very crude fake CVE-2020-1350 exploit tool, which developed as part of [honeypot repository](https://github.com/ZephrFish/CVE-2020-135) for the SIGRed vulnerability, with the goal of tracking/mapping interest and attempts to use exploits for this critical vulnerability.  This project was spontaneously launched by [ZephrFish](https://twitter.com/ZephrFish).

**This executable does not perform any exploits or malicious activity.**

The sole actions performed by this code are as follows:

* On launch, an HTTP GET request is sent to a CanaryToken from thinkst's [CanaryTokens.org](https://canarytokens.org). [More Info](https://blog.thinkst.com/p/canarytokensorg-quick-free-detection.html)
* The GUI contains a single label, text box, and button.
* The text box is intended for an IP and is labeled as such
* When the submit button is pressed, the input is checked for a valid IP.
  * If the input is valid, a second check is performed to see if the input is 127.0.0.1
    * If the input is 127.0.0.1, an error message is displayed ridiculing you for targeting yourself and then continues regardless of Yes/No selection.
    * If the input is NOT 127.0.0.1, no alert is displayed
  * If the input is not valid, the input field is cleared and an alert is displayed stating that the input was not a valid IP
* Once validation passes, the script launches Internet Explorer in 'kiosk' mode pointed to a [Kermit the Frog version of Rick Astley's legendary hit *Never Gonna Give You Up*](https://www.youtube.com/embed/AyOqGRjVtls?autoplay=1&controls=0).
  * iexplore -k https://www.youtube.com/embed/AyOqGRjVtls?autoplay=1&controls=0
  
  
  The code in this repository is identical to *CVE-2020-1350.exe* in the [honeypot repository](https://github.com/ZephrFish/CVE-2020-135).  Please feel free to decompile or reverse the EXE, the checksum is published on the honeypot repository and can be checked against the binary in this repository. CVE-2020-1350.exe (sha256sum 9e6da40db7c7f9d5ba679e7439f03ef6aacee9c34f9a3f686d02af34543f2e75).
  
  
 # DISCLAIMER
 **THIS CODE, AND THE EXECUTIBLE PUBLISHED IN THE HONEYPOT REPOSITORY LISTED ABOVE, IS PROVIDED AS-IS WITHOUT ANY WARRANTY OR GUARANTEES WHATSOEVER.**
 **EXECUTION OF THIS CODE, OR ANY EXECUTABLE COMPLIED FROM IT, IS ENTIRELY AT YOUR OWN RISK.**
 **ANY MODIFICATIONS TO THIS CODE TO CREATE A WORKING EXPLOIT ARE NOT AUTHORIZED.  YOU ARE LIABLE FOR YOUR OWN MODIFICATIONS.**
File Snapshot

 [4.0K]  /data/pocs/1ce41b7500a62caa75deffb85fcc5b84c107165d
├── [118K]  CVE-2020-1350.exe
├── [2.9K]  Main.Designer.vb
├── [1.3K]  Main.vb
└── [2.4K]  README.md

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →