/Fake_CVE-2020-1350

Fake exploit tool, designed to rickroll users attempting to actually exploit.

Primary LanguageVisual Basic .NET

Fake_CVE-2020-1350

This is the source code for a very crude fake CVE-2020-1350 exploit tool, which developed as part of honeypot repository for the SIGRed vulnerability, with the goal of tracking/mapping interest and attempts to use exploits for this critical vulnerability. This project was spontaneously launched by ZephrFish.

This executable does not perform any exploits or malicious activity.

The sole actions performed by this code are as follows:

  • On launch, an HTTP GET request is sent to a CanaryToken from thinkst's CanaryTokens.org. More Info

  • The GUI contains a single label, text box, and button.

  • The text box is intended for an IP and is labeled as such

  • When the submit button is pressed, the input is checked for a valid IP.

    • If the input is valid, a second check is performed to see if the input is 127.0.0.1
      • If the input is 127.0.0.1, an error message is displayed ridiculing you for targeting yourself and then continues regardless of Yes/No selection.
      • If the input is NOT 127.0.0.1, no alert is displayed
    • If the input is not valid, the input field is cleared and an alert is displayed stating that the input was not a valid IP

  • Once validation passes, the script launches Internet Explorer in 'kiosk' mode pointed to a Kermit the Frog version of Rick Astley's legendary hit Never Gonna Give You Up.

    The code in this repository is identical to CVE-2020-1350.exe in the honeypot repository. Please feel free to decompile or reverse the EXE, the checksum is published on the honeypot repository and can be checked against the binary in this repository. CVE-2020-1350.exe (sha256sum 9e6da40db7c7f9d5ba679e7439f03ef6aacee9c34f9a3f686d02af34543f2e75).

DISCLAIMER

THIS CODE, AND THE EXECUTIBLE PUBLISHED IN THE HONEYPOT REPOSITORY LISTED ABOVE, IS PROVIDED AS-IS WITHOUT ANY WARRANTY OR GUARANTEES WHATSOEVER. EXECUTION OF THIS CODE, OR ANY EXECUTABLE COMPLIED FROM IT, IS ENTIRELY AT YOUR OWN RISK. ANY MODIFICATIONS TO THIS CODE TO CREATE A WORKING EXPLOIT ARE NOT AUTHORIZED. YOU ARE LIABLE FOR YOUR OWN MODIFICATIONS.