CVE-2020-1350 PoC — Microsoft Windows DNS Server Input Validation Error Vulnerability

Associated Vulnerability
Title: Microsoft Windows DNS Server Input Validation Error Vulnerability (CVE-2020-1350)
Description: A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.
Description
CVE-2020-1350 Proof-of-Concept
Readme
# CVE-2020-1350
CVE-2020-1350 Proof-of-Concept

Environment Setup
--
1. Download Windows Server 2016
2. Download a Linux box (a secondary box to run this script)
3. Install Active Directory/DNS on Windows Server 2016 (let's say you named your legitimate domain `33y0re.com`)
4. Have _NO_ DNS records on the Windows 2016 server (yet)
5. Create a "forwarder" record on the Windows Server 2016 image with the IP of the Linux box

Usage
--
1. Choose your domain (the "attacking" domain)
2. Calculate the length of each label (e.g. `blah` is 0x4 bytes and `net` is 0x3 bytes; the dot itself is not encoded)
3. Set `domain_correct` to `\x04blah\x03net\x00` (each label prefixed by its length, terminated by a zero byte)
4. Run `python UDP_Response.py` & `python TCP_Response.py`
5. Run from the Windows Server 2016 Image or Linux Box: `nslookup -type=sig 33y0re.com ACTIVE_DIRECTORY_DNS_SERVER_IP` followed by: `nslookup -type=sig 9.MALICIOUS_DOMAIN_FROM_LINUX_BOX_SCRIPT ACTIVE_DIRECTORY_DNS_SERVER_IP`
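
A defender-side view of the label-length encoding and the `nslookup -type=sig` lookups in the Usage steps, as an added example that is not part of the original README or the PoC scripts: it decodes the length-prefixed question name from a raw DNS message and flags queries of type SIG (24) so they can be logged or alerted on. The function names and the sample query are constructed for illustration.

```python
import struct

QTYPE_SIG = 24  # RR type SIG, the type requested by `nslookup -type=sig`

def decode_name(msg, off):
    """Decode an uncompressed, length-prefixed name; return (dotted, next_off)."""
    labels, total = [], 0
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[off]
        off += 1
        if n == 0:              # zero-length root label ends the name
            return ".".join(labels), off
        if n & 0xC0:            # compression pointer or reserved bits
            raise ValueError("unexpected compression in question name")
        total += n + 1          # label bytes plus their length octet
        if total + 1 > 255 or off + n > len(msg):
            raise ValueError("name too long or truncated")
        labels.append(msg[off:off + n].decode("ascii", "replace"))
        off += n

def parse_question(msg):
    """Return (qname, qtype) for the first question of a raw DNS message."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    if struct.unpack("!H", msg[4:6])[0] < 1:    # QDCOUNT
        raise ValueError("message carries no question")
    name, off = decode_name(msg, 12)
    if off + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
    return name, qtype

def is_sig_query(msg):
    """True when the first question asks for a SIG record."""
    return parse_question(msg)[1] == QTYPE_SIG

def build_query(wire_name, qtype, txid=0x1234):
    """Constructed sample: a standard query (RD set) with one IN question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + wire_name + struct.pack("!HH", qtype, 1)

SAMPLE = build_query(b"\x04blah\x03net\x00", QTYPE_SIG)  # constructed input

if __name__ == "__main__":
    name, qtype = parse_question(SAMPLE)
    print(f"{name} qtype={qtype} sig={is_sig_query(SAMPLE)}")
```

`msg` is the DNS message itself; for DNS over TCP, strip the two-byte length prefix before passing it in.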
File Snapshot

[4.0K] /data/pocs/6381fbd131048ef2b5551a51253f14d0524911f8
├── [ 894] README.md
├── [3.0K] TCP_Response.py
└── [3.3K] UDP_Response.py

0 directories, 3 files