ZephrFish/CVE-2020-1350_HoneyPoC ZephrFish/CVE-2020-1350_HoneyPoC

  • This repository has been archived on 20/Oct/2021
  • Stars
    star
    280
  • Rank 147,492 (Top 3 %)
  • Language
    PowerShell
  • License
    GNU General Publi...
  • Created over 4 years ago
  • Updated over 3 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
ZephrFish/CVE-2020-1350_HoneyPoC
github

ZephrFish

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

HoneyPoC: Proof-of-Concept (PoC) script to exploit SIGRed (CVE-2020-1350). Achieves Domain Admin on Domain Controllers running Windows Server 2000 up to Windows Server 2019.

This is an educational exercise. Use at your own risk.

CVE-2020-1350 Exploit aka SIGRED

This is a lesson as to why you should not trust binaries on the internet., the workaround fix is genuine.

Workaround Fix

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v "TcpReceivePacketSize" /t REG_DWORD /d 0xFF00 /f
net stop DNS && net start DNS

Windows Binary PoC

./CVE-2020-1350.exe will run the exploit.

View README.pdf for more information on how to use the binary.

Source code is available here: https://github.com/zoomerxsec/Fake_CVE-2020-1350

Running the exploit on Linux

Change the target IP in exploit.sh then do:

chmod +x exploit.sh
./exploit.sh

Repo Info

  • CVE-2020-1350.exe (sha256sum 9e6da40db7c7f9d5ba679e7439f03ef6aacee9c34f9a3f686d02af34543f2e75) - Benign binary which opens rick roll and pings canary token
  • Fix.bat - Batch file that applies the fix from Microsoft
  • LICENCE - The licence file, also does nothing
  • PoC.exe (sha256sum bf9657ff82065a676bc2aeb07877d5964a193da244e943ee37f08b931c9868b7)- Benign binary which opens cmd.exe and additionally pings canary token
  • README.md - Details the README of the repo
  • windows-exploit.ps1 - Rick roll in shell, also benign

Additional Resources

More Repositories

1

GoogD0rker

Note: Going through a full re-write of the tooling so the current versions in the repo do not work!
Python
374
star
2

BugBountyTemplates

A collection of templates for bug bounty reporting
312
star
3

DockerAttack

Various Tools and Docker Images
Shell
277
star
4

Wordlists

Various Payload wordlists
224
star
5

Bloodhound-CustomQueries

Custom Queries - Brought Up to BH4.1 syntax
202
star
6

static-tools

Static compiled binaries + scripts ready to use on systems
Lua
151
star
7

WindowsHardeningScript

Some settings stolen from multiple scripts @ZephrFish
Batchfile
99
star
8

BurpFeed

Hacked together script for feeding urls into Burp's Sitemap
Python
92
star
9

AzureAttackKit

Collection of Azure Tools to Pull down for Attacking an Environment + quick tips and other useful information
PowerShell
72
star
10

XSSPayloads

Cross Site Scripting Payloads -- Variations
68
star
11

F5-CVE-2022-1388-Exploit

Exploit and Check Script for CVE 2022-1388
Python
59
star
12

RandomScripts

Random Shell Scripts and other ideas I have along the way
PowerShell
51
star
13

CVE-2021-22893_HoneyPoC2

DO NOT RUN THIS.
Shell
48
star
14

Stompy

Timestomp Tool to flatten MAC times with a specific timestamp
C#
45
star
15

GoogD0rk

Python
44
star
16

AttackDeploy

Scripts for Deploying new server
Shell
44
star
17

AutoHoneyPoC

AutoPoC Generator HoneyPoC
Python
33
star
18

CVE-2023-20198-Checker

CVE-2023-20198 & 0Day Implant Scanner
Python
31
star
19

DynamicMSBuilder

A Dynamic MSBuild task to help with minor obfuscation of C# Binaries to evade static signatures on each compilation
C#
30
star
20

Exch-CVE-2021-26855

CVE-2021-26855: PoC (Not a HoneyPoC for once!)
Python
27
star
21

ADFSDump-PS

PowerShell Implementation of ADFSDump to assist with GoldenSAML
PowerShell
27
star
22

ChunkyIngress

Solving problems I didn't think I'd have on a saturday with clipboard copy pasta limits with powershell
PowerShell
23
star
23

CVE-2020-16898

HoneyPoC 2.0: Proof-of-Concept (PoC) script to exploit IPv6 (CVE-2020-16898).
20
star
24

Blog_Backup

A repository with various tutorials on how to do things in Pentesting, setup environments and other things
19
star
25

CVE-2021-41773-PoC

Python
18
star
26

SandboxSpy

Code for profiling sandboxes - Initially an idea to profile sandboxes, the code is written to take enviromental variables and send them back in a Base32 string over HTTP to an endpoint.
Go
18
star
27

NessusPreFlight

Nessus Preflight(NPF) Check for local and remote systems. Essentially sets three registry keys and restarts a service to allow nessus to scan a machine
PowerShell
17
star
28

PotUtils

Python
15
star
29

HelloJackHunter

Research into WinSxS binaries and finding hijackable paths
C#
13
star
30

LOLSearches

Living off the land searches for explorer and sharepoint
11
star
31

CVE-2021-28480_HoneyPoC3

DO NOT RUN THIS.
Shell
11
star
32

MoveIT-WebShellCheck

Python
11
star
33

Autopeeper

Automated Screenshot Tool
Python
10
star
34

MediaCenterSetup

A setup script for Plex, Sonarr, Radarr & Jackett
Shell
9
star
35

xss-proxy

BeEF-inspired XSS proxy service
HTML
9
star
36

XSS

A collection of XSS Attack vectors
9
star
37

NotProxyShellScanner

Python implementation for NotProxyShell aka CVE-2022-40140 & CVE-2022-41082
Python
8
star
38

ZephrFish

8
star
39

PurpleTeamWorkshop-LabManual

Purple Team Workshop by @jorgeorchilles
8
star
40

HeadlessBounties

A shell script that bundles Eyewitness and Sublist3r to create a great fingerprinting tool
Shell
7
star
41

LogsSteelcon

6
star
42

OldGold

Sysadmin Tools
HTML
6
star
43

CSVInjectionPayloads

A list of various ways of injecting payloads for CSV Injection
6
star
44

PS-Scripts

Useful scripts for labs
PowerShell
5
star
45

LegacyResearch

Python
5
star
46

DoNotRunMe

4
star
47

Random-Yara-Rules

A collection of yara rules I've gathered over the years :-)
YARA
4
star
48

CVE-2021-22986_Check

CVE-2021-22986 Checker Script in Python3
Python
4
star
49

Exch-CVE-2021-26855_Priv

patched to work
Python
4
star
50

Mailgun-python

Python Wrapper for sending email with mailgun
Python
4
star
51

WebSocketsAreFun

FAFO with WebSockets
PowerShell
3
star
52

csc_cypher

Cyber Security Challenge Cipher Challenge
3
star
53

zephrfish.github.io

zsec backup blog
3
star
54

CVE-2024-4577-PHP-RCE

PHP RCE PoC for CVE-2024-4577 written in bash, go, python and a nuclei template
Go
3
star
55

ghostDebian

GhostDeployment Script for Debian
Shell
2
star
56

redsocial

Shell
2
star
57

SSH_Notify

Different Scripts for SSH hardening blog
Python
2
star
58

Writeups

Various write-ups from CTFs, fixes for things and others
2
star
59

CTF-Solutions

2
star
60

cloudathost-debian

Provision Script for Debian on CAC
Shell
2
star
61

Bootspeed

Check the boot speed of a windows machine
Visual Basic
2
star
62

FSMF-BurpExtension

Find Subdomains MoFo - Burp Extension WIP
Python
2
star
63

CVE-2024-3400-Canary

Have we not learnt from HoneyPoC?
Python
2
star
64

Sub2CDN

Python
2
star
65

LearnTheRopes

An outline as to how to get the basics nailed down before approaching information security as a career
2
star
66

VPNConnectScript

VPN Connection Menu Script, Created in Bash
Shell
2
star
67

Kali_Setup

Epic Kali Script, oracle and other thinfs need to be added soon.
Shell
2
star
68

subroot

Another subdomain bruteforcer
2
star
69

LTR101

Repository for Breaking into Information Security: Learning the Ropes 101 (https://leanpub.com/ltr101-breaking-into-infosec)
2
star
70

HoffPwn

Hoff in Style
1
star
71

IncomeTaxCalc

A basic python script that takes your weekly wage and works out how much tax you pay
Python
1
star
72

UnlmtdCalc

A python application that takes the Value of a Cineworld Unlimited card and then works out if it's worth while you getting one based upon your film choices
Python
1
star
73

LearningThings

1
star
74

xfer

ingress tooling
1
star
75

configFiles

zsh stuffs
Shell
1
star
76

SH

PowerShell
1
star
77

zephrsnaps.github.io

1
star