CVE-2020-1350

CVSSv3 score: 10

Published: 14/07/2020 Updated: 12/07/2022
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 899
CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.

Vulnerable Products

Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Server 2016 (version 1903)
Microsoft Windows Server 2016 (version 1909)
Microsoft Windows Server 2016 (version 2004)
Microsoft Windows Server 2019

Github Repositories

HoneyPoC: Proof-of-Concept (PoC) script to exploit SIGRed (CVE-2020-1350). Achieves Domain Admin on Domain Controllers running Windows Server 2000 up to Windows Server 2019.

This is an educational exercise. Use at your own risk. CVE-2020-1350 Exploit aka SIGRED. This is a lesson as to why you should not trust binaries on the internet; the workaround fix is genuine. Workaround Fix: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v "TcpReceivePacketSize" /t REG_DWORD /d 0xFF00 /f && net stop DNS &&

DO NOT RUN THIS.

CVE-2021-22893 THIS IS NOT A REAL EXPLOIT, IT IS A HONEYPOC (blog.zsec.uk/cve-2020-1350-honeypoc/). Proof-of-Concept (PoC) script to exploit Pulse Secure CVE-2021-22893. DO NOT RUN THIS. Usage: Achieves RCE on Pulse Secure VPNs. chmod +x exploit.sh; ./exploit.sh 10.0.0.1; ./exploit.sh -l <ListOfIPs>; ./exploit.sh -l IPList.txt

NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473

Contains custom NSE scripts. CVE-2020-0796: NSE script to detect the vulnerable CVE-2020-0796 issue with Microsoft SMBv3 Compression (aka coronablue, SMBGhost). The script is a modified version of the smb-protocols.nse script, with modified output data for v3.11 detection and validating CVE-2020-0796. Note: This script just safe-checks for the CVE-2020-0796 vulnerability on SMBv3 and doesn't

Detection of attempts to exploit Microsoft Windows DNS server via CVE-2020-1350 (AKA SIGRed)

CVE-2020-1350 (AKA SIGRed) v0.3.0. Summary: A Zeek package for detection of attempts to exploit Microsoft Windows DNS server via CVE-2020-1350 (AKA SIGRed, CVE score of 10.0). References: research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/ portal.msrc.microsoft.com/en-US/security-guidance/advisory/

A tool for Baiting Insider Threats into running an exploit based off research conducted with Myself @ZepherFish, @tjnull, @Zoomerx

Insider_Threat_Bait: A tool for baiting insider threats into running an exploit, based off research conducted with myself and twitter.com/TJ_Null, twitter.com/ZephrFish, twitter.com/ZoomerX. The original research can be found at blog.zsec.uk/cve-2020-1350-honeypoc/. So how does this work? Build the CanaryToken - canarytokens.org/generate. Build th

Diaphora, the most advanced Free and Open Source program diffing tool.

δiaphora. Diaphora (διαφορά, Greek for 'difference') version 3.1.2 is the most advanced program diffing tool (working as an IDA plugin) available as of today (2024). It was released first during SyScan 2015 and has been actively maintained ever since: Diaphora has been ported to every single minor version of IDA since 6.8 to 8

CVE-2020-1350 Proof-of-Concept

CVE-2020-1350 Proof-of-Concept. Environment Setup: Download Windows Server 2016. Download a Linux box (a secondary box to run this script). Install Active Directory/DNS on Windows Server 2016 (let's say you named your legitimate domain 33y0re.com). Have NO DNS records on the Windows 2016 server (yet). Create a "forwarder" record on the Windows Server 201

PoC Remote Code Execution Exploit for CVE-2020-1350, SigRed, by chompie. For research purposes only. Use at your own risk. Exploit Writeup: My write-up on the construction of this exploit can be found here: chompie.rip/Blog+Posts/Anatomy+of+an+Exploit+-+RCE+with++SIGRed. Environment Setup, Lab Environment: Setting a Forwarder. For demo/testing purposes, just set up a condit

Blogs, Tools and other available resources for source code review.

Blogs, Tools and other available resources for source code review. Blogs: SSRF to RCE with Jolokia and MBeans; Anatomy of an Exploit: RCE with CVE-2020-1350 SIGRed; Reproducing the Microsoft Exchange Proxylogon Exploit Chain; Java-Deserialization-Cheat-Sheet; EXIF RCE; Argument injection in dragonfly gem; Pre-Auth RCE in ForgeRock; WOO-Commerce SQLI; Deserialization on Rails; Confluence

CVE-2020-1350 (SigRED) workaround to mitigate the impact of the vulnerability by reducing the maximum TCP receive packet size on the DNS server and restarting DNS.

Bash Proof-of-Concept (PoC) script to exploit SIGRed (CVE-2020-1350). Achieves Domain Admin on Domain Controllers running Windows Server 2003 up to Windows Server 2019.

cve-2020-1350: Bash Proof-of-Concept (PoC) script to exploit SIGRed (CVE-2020-1350). Achieves Domain Admin on Domain Controllers running Windows Server 2003 up to Windows Server 2019. To run, from a Linux host on a Windows Active Directory network: ~# chmod +x cve-2020-1350.sh; ~# ./cve-2020-1350.sh 10.0.0.1

Windows registry mitigation response to CVE-2020-1350

Overview: Microsoft announced CVE-2020-1350 on July 14, 2020. This vulnerability in Windows DNS server goes back to Server 2003 and is broadly thought to be wormable. This script follows the instructions from KB4569509 (support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability) to mitigate the issue without rebooting the server. For Da

alerts to showcase vulnerability correlation capabilities

solution-pack-ips-alert-triage: alerts to showcase vulnerability correlation capabilities. SIEM IPS Alert Triage through CVE correlation. In this scenario a SIEM system (FortiSIEM) triggers an Incident every time the IPS (FortiGate) logs a Permitted Inbound IPS packet. FortiSIEM then opens an alert in FortiSOAR, which maps all the incident artifacts and proceeds to validate if t

This Powershell Script is checking if your server is vulnerable for the CVE-2020-1350 Remote Code Execution flaw in the Windows DNS Service

Warning: This repository has been archived and is no longer actively maintained. CVE-2020-1350: This PowerShell script checks if your server is vulnerable to the CVE-2020-1350 Remote Code Execution flaw in the Windows DNS Service. Supported OS for this workaround script: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019. Note: Script is not s

Windows-DNS-SIGRed: This profile identifies systems that are missing one or more of the required patches to address CVE-2020-1350, Windows DNS Server Remote Code Execution Vulnerability. This profile utilizes InSpec's describe.one method to test against the multiple KBs without the need for complex OS version logic. It will also consider the workaround registry key as

Denial of Service PoC for CVE-2020-1350 (SIGRed)

CVE-2020-1350 SIGRed Denial of Service PoC Exploit This repo has my version of a DoS PoC exploit for the SIGRed vulnerability disclosed by MS and Check Point Research on July 14th, 2020 @maxpl0it also wrote a PoC that he published on July 15th, but I structured my exploit a little differently than they did so I thought it still presented value to release this for blue teams to

Scanner and Mitigator for CVE 2020-1350

CVE-2020-1350: Scanner and Mitigator for CVE-2020-1350. How to run: 1. Open a Windows command line as Administrator. 2. powershell -ExecutionPolicy Bypass -File CVE-2020-1350.ps1

DNS Vulnerability - CVE-2020-1350

This is an educational exercise for a honeypot. Use at your own risk. CVE-2020-1350 DNS Vulnerability - CVE-2020-1350. Windows Binary PoC: ./cve20201350.exe

A powershell script to deploy the registry mitigation key for CVE-2020-1350

This is a PowerShell script that'll grab all the AD servers for the domain your computer is on. It'll then set the CVE-2020-1350 DNS workaround on those servers and restart DNS. NOTE!! It will restart DNS, so you might need a maintenance window to run it. This workaround does not mean that you can avoid patching your servers, but it should help buy you some time, especia

2020 reading list summary [TOC] Compiler design ==Name== ==Reference== make programming languages (interpreter) craftinginterpreters.com/contents.html The Secret Sauce in Efficient and Precise Static Analysis bodden.de/pubs/bodden18secret.pdf Feral (a programming-language interpreter written in C++14) www.reddit.com/r/cpp/comments/fvkb66/a_programming_language_int

Collection of PowerShell functions and scripts a Blue Teamer might use

PowerShell-Blue-Team: Collection of PowerShell functions and scripts a Blue Teamer might use. Watch-PortScan.ps1: This cmdlet is used to discover attempted port scans on a device. It runs in an infinite loop. This cmdlet can be used to send an email alert containing the log information; it can automatically add source IP addresses accused of port scanning to the Windows Fi

A denial-of-service proof-of-concept for CVE-2020-1350

CVE-2020-1350 (SIGRed) - Windows DNS DoS Exploit Credits for the bug are entirely down to Check Point Research (@_cpresearch_) who did an incredible writeup of this bug (props to @sagitz_ for the post) Their writeup can be found here This exploit was written by @maxpl0it Quick summary of how it works: On the LAN you trigger a DNS request (more specifically, a request for the

Fake exploit tool, designed to rickroll users attempting to actually exploit.

Fake_CVE-2020-1350: This is the source code for a very crude fake CVE-2020-1350 exploit tool, which was developed as part of a honeypot repository for the SIGRed vulnerability, with the goal of tracking/mapping interest in and attempts to use exploits for this critical vulnerability. This project was spontaneously launched by ZephrFish. This executable does not perform any exploits or m

δiaphora. Diaphora (διαφορά, Greek for 'difference') version 3.0 is the most advanced program diffing tool (working as an IDA plugin) available as of today (2023). It was released first during SyScan 2015 and has been actively maintained since then: it has been ported to every single minor version of IDA since 6.8 to 8.3.

OSCP-Resources. Priv Esc, Linux: payatu.com/guide-linux-privilege-escalation github.com/Anon-Exploiter/SUID3NUM. Windows: github.com/Gr1mmie/Windows-Privilege-Escalation-Resources www.udemy.com/course/windows-privilege-escalation/ github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Es

A registry-based workaround can be used to help protect an affected Windows server, and it can be implemented without requiring an administrator to restart the server. Because of the volatility of this vulnerability, administrators may have to implement the workaround before they apply the security update in order to enable them to update their …

KB4569509: Guidance for DNS Server Vulnerability CVE-2020-1350 Introduction On July 14, 2020, Microsoft released a security update for the issue that is described in CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability This advisory describes a Critical Remote Code Execution (RCE) vulnerability that affects Windows servers that are configured to run the DNS S
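The KB4569509 workaround described above amounts to one registry value plus a service restart, and several of the repositories listed on this page script exactly that. The following is an added example (not code from Microsoft's KB or from any repository listed here) that first audits the local server and only then applies the workaround. It assumes it runs elevated on the DNS server itself, and it takes the KB identifiers of the July 2020 security update as a caller-supplied parameter, because those IDs differ per Windows Server build and are not given on this page.

```powershell
<#
  Added example, not code from any repository or KB listed on this page.
  Audits the local Windows DNS server for CVE-2020-1350 exposure and, with
  -ApplyWorkaround, sets the KB4569509 registry workaround (TcpReceivePacketSize
  = 0xFF00) and restarts the DNS service. Assumptions: run elevated on the
  server itself; the security-update KB IDs for this OS are passed by the caller.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # KB IDs of the July 2020 security update for this server's build
    # (hypothetical input: the IDs are per OS version and not listed on this page).
    [string[]]$PatchKBs = @(),
    [switch]$ApplyWorkaround
)

$RegPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$ValueName = 'TcpReceivePacketSize'
$SafeValue = 0xFF00   # 65280 bytes, the maximum recommended by KB4569509 (default is 0xFFFF)

function Test-DnsServerRole {
    # The DNS service is only registered when the DNS Server role is installed.
    return [bool](Get-Service -Name 'DNS' -ErrorAction SilentlyContinue)
}

function Get-TcpReceivePacketSize {
    # Returns the configured DWORD, or $null when the value is absent (default behaviour).
    $item = Get-ItemProperty -Path $RegPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Test-WorkaroundApplied {
    $current = Get-TcpReceivePacketSize
    return ($null -ne $current) -and ($current -le $SafeValue)
}

function Test-PatchInstalled {
    param([string[]]$KBs)
    if (-not $KBs) { return $false }
    $installed = Get-HotFix -ErrorAction SilentlyContinue | Select-Object -ExpandProperty HotFixID
    foreach ($kb in $KBs) {
        if ($installed -contains $kb) { return $true }
    }
    return $false
}

function Set-SigRedWorkaround {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $target = "$RegPath\$ValueName"
    if ($PSCmdlet.ShouldProcess($target, 'Set to 0xFF00 and restart the DNS service')) {
        # Creates the value if missing, overwrites it otherwise; no reboot is needed,
        # but the DNS service must be restarted for the new limit to take effect.
        New-ItemProperty -Path $RegPath -Name $ValueName -PropertyType DWord -Value $SafeValue -Force | Out-Null
        Restart-Service -Name 'DNS' -Force
    }
}

if (-not (Test-DnsServerRole)) {
    Write-Output 'DNS Server role not installed; CVE-2020-1350 does not apply to this host.'
    return
}

$patched   = Test-PatchInstalled -KBs $PatchKBs
$size      = Get-TcpReceivePacketSize
$mitigated = Test-WorkaroundApplied
$sizeText  = if ($null -eq $size) { 'not set (default 0xFFFF)' } else { '0x{0:X}' -f $size }

Write-Output ('Patch installed: {0}; TcpReceivePacketSize: {1}; workaround effective: {2}' -f $patched, $sizeText, $mitigated)

if (-not $patched -and -not $mitigated) {
    if ($ApplyWorkaround) {
        Set-SigRedWorkaround
    } else {
        Write-Warning 'Exposed: neither the update nor the workaround is in place. Re-run with -ApplyWorkaround, then install the update.'
    }
}
```

Run it once with -WhatIf to see what would change, then with -ApplyWorkaround during a maintenance window, since the DNS service restart briefly interrupts resolution. Two caveats from KB4569509 are worth keeping in mind: TCP-based DNS responses larger than the configured size are dropped silently, so some queries that legitimately need large answers may go unanswered while the workaround is in place, and the workaround is a stopgap only; the security update still has to be installed.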

Recent Articles

Hey there, want to break into computers like an Iranian hacker crew? IBM finds 40GB of videos that include how-tos
The Register • Shaun Nichols in San Francisco • 20 Jul 2020

Plus: BitTorrent CEO puts a $1m bounty on Twitter hackers

In Brief Here's something you don't see every day. The crew at IBM X-Force has uncovered a massive cache of files, including about five hours of training videos intended for a select crew of hackers in Iran known as ITG18. Big Blue said the videos range from two minutes to two hours and mainly cover techniques for compromising popular webmail services. They also include videos of hackers combing through data in compromised email accounts from Google, AOL, Hotmail, and Yahoo!, including those of ...

Old-school security hole perfect for worms and remote hijackings found lurking in Windows Server DNS code
The Register • Shaun Nichols in San Francisco • 15 Jul 2020

You'll want to patch that – and all these other bugs fixed by Microsoft, Oracle, Adobe, VMware, SAP, Google So kind of SAP NetWeaver to hand out admin accounts to anyone who can reach it. You'll want to patch this

Mega Patch Tuesday Microsoft on Tuesday patched a wormable hole in its Windows Server software that can be exploited remotely to completely commandeer the machine without any authorization. It was one of hundreds of security bugs squashed today by Redmond along with Oracle, Adobe, VMware, SAP and Google. Microsoft emitted fixes for 123 vulnerabilities in this month's Patch Tuesday batch. Some 18 of those CVE-listed security flaws are considered critical, meaning remote code execution (RCE) is po...