Related vulnerability
Title: Microsoft Windows DNS Server input validation error vulnerability (CVE-2020-1350)
Description: Microsoft Windows is an operating system for personal devices developed by Microsoft Corporation (United States). Microsoft Windows DNS Server contains an input validation error vulnerability that stems from the program failing to handle requests correctly. An attacker can exploit it by sending malicious requests to run arbitrary code in the context of the Local System account. The following products and versions are affected: Windows Server 2008 SP2, Windows Server 2008 R2 SP1, Windows Server 2012, Windows Server 2012 R2, Windo
Description
CVE-2020-1350 Proof-of-Concept
Introduction
# CVE-2020-1350
CVE-2020-1350 Proof-of-Concept
Environment Setup
--
1. Download Windows Server 2016
2. Download a Linux box (a secondary box to run this script)
3. Install Active Directory/DNS on Windows Server 2016 (let's say you named your legitimate domain `33y0re.com`)
4. Have _NO_ DNS records on the Windows Server 2016 box (yet)
5. Configure a forwarder on the Windows Server 2016 DNS server pointing at the IP of the Linux box, so that queries for names the server is not authoritative for are sent to the Linux box
Usage
--
1. Choose your domain (the "attacking" domain)
2. Calculate the length of each label (e.g. in `blah.net` the label `blah` is 0x4 bytes and the label `net` is 0x3 bytes)
3. Set `domain_correct` to the DNS wire-format encoding of that name: a length byte before each label and a terminating zero byte, e.g. `\x04blah\x03net\x00`
4. Run `python UDP_Response.py` & `python TCP_Response.py`
5. Run from the Windows Server 2016 image or the Linux box: `nslookup -type=sig 33y0re.com ACTIVE_DIRECTORY_DNS_SERVER_IP` followed by: `nslookup -type=sig 9.MALICIOUS_DOMAIN_FROM_LINUX_BOX_SCRIPT ACTIVE_DIRECTORY_DNS_SERVER_IP`
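Steps 2 and 3 above amount to converting a dotted name into the RFC 1035 wire format that `domain_correct` expects. The helper below is an added example, not code from the repository's `UDP_Response.py` or `TCP_Response.py`; the function names `encode_name`, `decode_name` and `as_readme_literal` are my own. It also enforces the 63-byte label and 255-byte name limits, since a hand-typed value that violates them will be rejected (or silently mis-parsed) by a resolver before any response ever reaches the target.

```python
from typing import List, Tuple


def encode_name(name: str) -> bytes:
    """Encode a dotted DNS name into wire-format labels (RFC 1035, section 3.1).

    Each label is prefixed by a one-byte length and the name ends with a
    zero-length label, so 'blah.net' becomes b'\\x04blah\\x03net\\x00'.
    """
    labels = [lbl for lbl in name.rstrip(".").split(".") if lbl]
    out = bytearray()
    for label in labels:
        raw = label.encode("ascii")
        if len(raw) > 63:  # RFC 1035: a label is at most 63 octets
            raise ValueError(f"label too long ({len(raw)} > 63): {label!r}")
        out.append(len(raw))
        out += raw
    out.append(0)  # root label terminates the name
    if len(out) > 255:  # RFC 1035: a whole name is at most 255 octets
        raise ValueError(f"name too long ({len(out)} > 255 bytes)")
    return bytes(out)


def decode_name(buf: bytes, offset: int = 0) -> Tuple[str, int]:
    """Decode an uncompressed wire-format name starting at `offset`.

    Returns the dotted name and the offset just past the terminating zero.
    Compression pointers (top two bits set) are rejected rather than followed.
    """
    labels: List[str] = []
    while True:
        if offset >= len(buf):
            raise ValueError("truncated name")
        n = buf[offset]
        offset += 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("compression pointer not supported here")
        if offset + n > len(buf):
            raise ValueError("label runs past end of buffer")
        labels.append(buf[offset:offset + n].decode("ascii"))
        offset += n
    return ".".join(labels), offset


def as_readme_literal(wire: bytes) -> str:
    """Render bytes the way the README writes `domain_correct`, e.g. \\x04blah\\x03net\\x00."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else f"\\x{b:02x}" for b in wire)


if __name__ == "__main__":
    # Constructed sample: the README's own example domain.
    wire = encode_name("blah.net")
    print(as_readme_literal(wire))          # \x04blah\x03net\x00
    print(decode_name(wire))                # ('blah.net', 10)
```

Paste the string printed by `as_readme_literal` into `domain_correct`; the decoder is there so you can round-trip a value you typed by hand and confirm the length bytes match the labels before running the response scripts.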
File snapshot
[4.0K] /data/pocs/6381fbd131048ef2b5551a51253f14d0524911f8
├── [ 894] README.md
├── [3.0K] TCP_Response.py
└── [3.3K] UDP_Response.py
0 directories, 3 files
Notes
1. It is recommended to obtain the PoC from its original source first.
2. If the source has been removed or cannot be reached, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. Shenlong has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for or donating towards the local PoC. Thank you for your support.