• This repository has been archived on 20/Oct/2021
• Stars: 280
• Rank 142,645 (Top 3 %)
• Language: PowerShell
• License: GNU General Publi...
• Created almost 4 years ago
• Updated almost 3 years ago

Repository Details

HoneyPoC: Proof-of-Concept (PoC) script to exploit SIGRed (CVE-2020-1350). Achieves Domain Admin on Domain Controllers running Windows Server 2000 up to Windows Server 2019.

This is an educational exercise. Use at your own risk.

CVE-2020-1350 Exploit aka SIGRED

This is a lesson as to why you should not trust binaries on the internet. The workaround fix is genuine.

Workaround Fix

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v "TcpReceivePacketSize" /t REG_DWORD /d 0xFF00 /f
net stop DNS && net start DNS
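
To confirm the workaround is actually in place on a DNS server, the registry value can be read back and checked. The script below is an added example, not part of the repository; the function name is hypothetical, and the key path, value name and 0xFF00 are taken from the reg add command above.

```powershell
# Added example (not from the repository): audit the workaround shown above.
# Key path, value name and 0xFF00 are the ones used in the reg add command.
function Test-TcpReceivePacketSizeWorkaround {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [string]$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters',
        [string]$ValueName = 'TcpReceivePacketSize',
        [int]$Expected     = 0xFF00
    )

    $result = [ordered]@{
        KeyPresent   = Test-Path -LiteralPath $KeyPath
        ValuePresent = $false
        ValueKind    = $null
        Value        = $null
        DnsService   = 'NotInstalled'
        Compliant    = $false
    }

    if ($result.KeyPresent) {
        $key = Get-Item -LiteralPath $KeyPath
        # GetValueNames() lists what exists, so a missing value is not an error.
        if ($key.GetValueNames() -contains $ValueName) {
            $raw = $key.GetValue($ValueName)
            $result.ValuePresent = $true
            $result.ValueKind    = $key.GetValueKind($ValueName).ToString()
            $result.Value        = '0x{0:X}' -f $raw
            # reg add writes a REG_DWORD, so any other type counts as not applied.
            $result.Compliant    = ($result.ValueKind -eq 'DWord') -and ($raw -eq $Expected)
        }
    }

    # Report the DNS service state; on a host without the DNS role it is absent.
    $svc = Get-Service -Name 'DNS' -ErrorAction SilentlyContinue
    if ($null -ne $svc) { $result.DnsService = $svc.Status.ToString() }

    [pscustomobject]$result
}

Test-TcpReceivePacketSizeWorkaround | Format-List
```

The check reads the stored value only; it cannot tell whether the DNS service was restarted after the value was written, which is the second step of the workaround above.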

Windows Binary PoC

./CVE-2020-1350.exe will run the exploit.

View README.pdf for more information on how to use the binary.

Source code is available here: https://github.com/zoomerxsec/Fake_CVE-2020-1350

Running the exploit on Linux

Change the target IP in exploit.sh then do:

chmod +x exploit.sh
./exploit.sh

Repo Info

  • CVE-2020-1350.exe (sha256sum 9e6da40db7c7f9d5ba679e7439f03ef6aacee9c34f9a3f686d02af34543f2e75) - Benign binary which opens rick roll and pings canary token
  • Fix.bat - Batch file that applies the fix from Microsoft
  • LICENCE - The licence file, also does nothing
  • PoC.exe (sha256sum bf9657ff82065a676bc2aeb07877d5964a193da244e943ee37f08b931c9868b7) - Benign binary which opens cmd.exe and additionally pings canary token
  • README.md - Details the README of the repo
  • windows-exploit.ps1 - Rick roll in shell, also benign
