关联漏洞
标题:Microsoft Windows DNS Server 输入验证错误漏洞 (CVE-2020-1350)Description:Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows DNS Server 存在输入验证错误漏洞,该漏洞源于程序无法正确处理请求。攻击者可通过发送恶意的请求利用该漏洞在本地系统帐户的上下文中运行任意代码。以下产品及版本受到影响:Windows Server 2008 SP2,Windows Server 2008 R2 SP1,Windows Server 2012,Windows Server 2012 R2,Windo
Description
Fake exploit tool, designed to rickroll users attempting to actually exploit.
介绍
# Fake_CVE-2020-1350
This is the source code for a very crude fake CVE-2020-1350 exploit tool, which developed as part of [honeypot repository](https://github.com/ZephrFish/CVE-2020-135) for the SIGRed vulnerability, with the goal of tracking/mapping interest and attempts to use exploits for this critical vulnerability. This project was spontaneously launched by [ZephrFish](https://twitter.com/ZephrFish).
**This executable does not perform any exploits or malicious activity.**
The sole actions performed by this code are as follows:
* On launch, an HTTP GET request is sent to a CanaryToken from thinkst's [CanaryTokens.org](https://canarytokens.org). [More Info](https://blog.thinkst.com/p/canarytokensorg-quick-free-detection.html)
* The GUI contains a single label, text box, and button.
* The text box is intended for an IP and is labeled as such
* When the submit button is pressed, the input is checked for a valid IP.
* If the input is valid, a second check is performed to see if the input is 127.0.0.1
* If the input is 127.0.0.1, an error message is displayed ridiculing you for targeting yourself and then continues regardless of Yes/No selection.
* If the input is NOT 127.0.0.1, no alert is displayed
* If the input is not valid, the input field is cleared and an alert is displayed stating that the input was not a valid IP
* Once validation passes, the script launches Internet Explorer in 'kiosk' mode pointed to a [Kermit the Frog version of Rick Astley's legendary hit *Never Gonna Give You Up*](https://www.youtube.com/embed/AyOqGRjVtls?autoplay=1&controls=0).
* iexplore -k https://www.youtube.com/embed/AyOqGRjVtls?autoplay=1&controls=0
The code in this repository is identical to *CVE-2020-1350.exe* in the [honeypot repository](https://github.com/ZephrFish/CVE-2020-135). Please feel free to decompile or reverse the EXE, the checksum is published on the honeypot repository and can be checked against the binary in this repository. CVE-2020-1350.exe (sha256sum 9e6da40db7c7f9d5ba679e7439f03ef6aacee9c34f9a3f686d02af34543f2e75).
# DISCLAIMER
**THIS CODE, AND THE EXECUTIBLE PUBLISHED IN THE HONEYPOT REPOSITORY LISTED ABOVE, IS PROVIDED AS-IS WITHOUT ANY WARRANTY OR GUARANTEES WHATSOEVER.**
**EXECUTION OF THIS CODE, OR ANY EXECUTABLE COMPLIED FROM IT, IS ENTIRELY AT YOUR OWN RISK.**
**ANY MODIFICATIONS TO THIS CODE TO CREATE A WORKING EXPLOIT ARE NOT AUTHORIZED. YOU ARE LIABLE FOR YOUR OWN MODIFICATIONS.**
文件快照
[4.0K] /data/pocs/1ce41b7500a62caa75deffb85fcc5b84c107165d
├── [118K] CVE-2020-1350.exe
├── [2.9K] Main.Designer.vb
├── [1.3K] Main.vb
└── [2.4K] README.md
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。