./CVE-2020-1350.exe will run the exploit.

View README.pdf for more information on how to use the binary.

Change the target IP in exploit.sh then do:

chmod +x exploit.sh
./exploit.sh

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v "TcpReceivePacketSize" /t REG_DWORD /d 0xFF00 /f
net stop DNS && net start DNS

• https://github.com/Neo23x0/sigma/blob/master/rules/windows/process_creation/win_exploit_cve_2020_1350.yml - Signa rules for detection
• https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/ - Vulnerability Writeup
• https://blog.menasec.net/2019/02/threat-hunting-24-microsoft-windows-dns.html - Threathunting the vuln
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350 - CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability
• https://msrc-blog.microsoft.com/2020/07/14/july-2020-security-update-cve-2020-1350-vulnerability-in-windows-domain-name-system-dns-server/ - July 2020 Security Update: CVE-2020-1350 Vulnerability in Windows Domain Name System (DNS) Server

• https://twitter.com/ZephrFish/status/1283162770213670915
• https://twitter.com/ZephrFish/status/1283208383810740227
• https://twitter.com/ZephrFish/status/1283318201506566144

• https://twitter.com/ZephrFish
• https://twitter.com/TJ_Null
• https://twitter.com/ZoomerX
• https://twitter.com/TheCyberViking
• https://twitter.com/rag_sec