Skip to content

HoneyPoC: Proof-of-Concept (PoC) script to exploit SIGRed (CVE-2020-1350). Achieves Domain Admin on Domain Controllers running Windows Server 2000 up to Windows Server 2019.

License

Notifications You must be signed in to change notification settings

segxi/CVE-2020-1350

 
 

Repository files navigation

This is an educational exercise. Use at your own risk.

CVE-2020-1350 Exploit aka SIGRED

Workaround Fix

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v "TcpReceivePacketSize" /t REG_DWORD /d 0xFF00 /f
net stop DNS && net start DNS

Windows Binary PoC

./CVE-2020-1350.exe will run the exploit.

View README.pdf for more information on how to use the binary.

Source code is available here: https://github.com/zoomerxsec/Fake_CVE-2020-1350

Running the exploit on Linux

Change the target IP in exploit.sh then do:

chmod +x exploit.sh
./exploit.sh

Repo Info

  • CVE-2020-1350.exe (sha256sum 9e6da40db7c7f9d5ba679e7439f03ef6aacee9c34f9a3f686d02af34543f2e75) - Benign binary which opens rick roll and pings canary token
  • Fix.bat - Batch file that applies the fix from Microsoft
  • LICENCE - The licence file, also does nothing
  • PoC.exe (sha256sum bf9657ff82065a676bc2aeb07877d5964a193da244e943ee37f08b931c9868b7)- Benign binary which opens cmd.exe and additionally pings canary token
  • README.md - Details the README of the repo
  • windows-exploit.ps1 - Rick roll in shell, also benign

Additional Resources

About

HoneyPoC: Proof-of-Concept (PoC) script to exploit SIGRed (CVE-2020-1350). Achieves Domain Admin on Domain Controllers running Windows Server 2000 up to Windows Server 2019.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • PowerShell 98.8%
  • Other 1.2%