AdminSec

CVE-2020-1472

Hello,
Today I will show you the "Zerologon" exploit!

CVE-2020-1472 is a privilege escalation vulnerability due to the insecure usage of AES-CFB8 encryption for Netlogon sessions. The AES-CFB8 standard requires that each byte of plaintext, like a password, must have a randomized initialization vector (IV) so that passwords can’t be guessed. The ComputeNetlogonCredential function in Netlogon sets the IV to a fixed 16 bits, which means an attacker could control the deciphered text. An attacker can exploit this flaw to impersonate the identity of any machine on a network when attempting to authenticate to the Domain Controller (DC). Further attacks are then possible, including the complete takeover of a Windows domain. Secura’s whitepaper also notes that an attacker would be able to simply run

[Hidden Content]
to pull a list of user hashes from a target DC.

In order to exploit this vulnerability, the attacker would need to launch the attack from a machine on the same Local Area Network (LAN) as their target. A vulnerable client or DC exposed to the internet is not exploitable by itself. The attack requires that the spoofed login works like a normal domain login attempt. Active Directory (AD) would need to recognize the connecting client as being within its logical topology, which external addresses wouldn’t have.

 

[Image: CVE-2020-1472 Zerologon Vulnerability in Netlogon.png]


First Step:

Download Impacket:

[Hidden Content]

Download ZeroLogon Exploit:

[Hidden Content]


Steps to compromise the DC

[Hidden Content]


After that you can see this result:

[Image: tar.PNG]
You can now connect to the DC, but first take the hash!


[Hidden Content]

After that you have the hash of the administrator:

[Image: tar2.PNG]

You can use it to open a session on the DC with wmiexec!

[Hidden Content]

 

You now have full access!

🙂
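The post above describes the root cause of CVE-2020-1472 as Netlogon's use of AES-CFB8 with a constant all-zero IV. The following is an added educational example, not code from the original post, the Impacket project or the Zerologon exploit: it implements generic CFB-8 over a pluggable block function and shows the mode-of-operation property behind the bug, namely that with a fixed zero IV and an all-zero input the output is all zeros whenever the first keystream byte is zero (about 1 key in 256), because the feedback register never leaves the all-zero state, whereas with a fresh random IV the same event needs every keystream byte to be zero. It models no Netlogon traffic and contacts no host. It uses real AES when the `cryptography` package is installed and otherwise a constructed HMAC-SHA256 keyed PRF as the block function; the function names and the seeded sampling are the example's own.

```python
"""Why a fixed all-zero IV breaks CFB8: the cryptographic core of CVE-2020-1472.

Added educational example; not code from the original post. It does not model
Netlogon and does not talk to any host. It demonstrates the mode-of-operation
flaw the post describes: with IV = 0 and an all-zero input, CFB8 emits an
all-zero output whenever the first keystream byte is 0x00 (about 1 key in 256),
because the feedback register stays all-zero. With a fresh random IV the same
event needs every keystream byte to be zero (2^-64 for an 8-byte output).
"""
import hashlib
import hmac
import random

BLOCK = 16  # AES block size in bytes

try:
    # Real AES as the block function when the 'cryptography' package is present.
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

    HAVE_AES = True

    def block_encrypt(key: bytes, block: bytes) -> bytes:
        enc = Cipher(algorithms.AES(key), modes.ECB()).encryptor()
        return enc.update(block) + enc.finalize()
except ImportError:
    # Constructed stand-in: a keyed PRF truncated to one block. The CFB8
    # argument only needs an unpredictable block function, so the demo holds.
    HAVE_AES = False

    def block_encrypt(key: bytes, block: bytes) -> bytes:
        return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CFB with 8-bit segments (NIST SP 800-38A): one block call per byte.
    The register starts as the IV; out[i] = p[i] XOR E_k(register)[0]; the
    register then shifts left one byte and the new ciphertext byte is appended."""
    if len(iv) != BLOCK:
        raise ValueError("IV must be exactly one block")
    register = bytearray(iv)
    out = bytearray()
    for p in plaintext:
        ks = block_encrypt(key, bytes(register))[0]
        c = p ^ ks
        out.append(c)
        register = register[1:] + bytes([c])
    return bytes(out)


def vulnerable_credential(key: bytes, challenge: bytes = bytes(8)) -> bytes:
    """The weak construction: constant all-zero IV, caller-chosen input."""
    return cfb8_encrypt(key, bytes(BLOCK), challenge)


def fixed_credential(key: bytes, challenge: bytes, iv: bytes) -> bytes:
    """Same mode with a per-use IV supplied by the caller (random in practice)."""
    return cfb8_encrypt(key, iv, challenge)


def first_keystream_byte_is_zero(key: bytes) -> bool:
    """Single-byte condition that exactly predicts an all-zero weak output."""
    return block_encrypt(key, bytes(BLOCK))[0] == 0


def random_key(rng: random.Random) -> bytes:
    return rng.getrandbits(8 * BLOCK).to_bytes(BLOCK, "big")


def equivalence_holds(trials: int = 500, seed: int = 7) -> bool:
    """All-zero weak output <=> first keystream byte is zero, for every key."""
    rng = random.Random(seed)
    return all(
        (vulnerable_credential(k) == bytes(8)) == first_keystream_byte_is_zero(k)
        for k in (random_key(rng) for _ in range(trials))
    )


def hit_rates(trials: int = 4096, seed: int = 1) -> tuple:
    """Fraction of seeded random keys whose 8-byte output is all zeros:
    (constant zero IV, fresh random IV). Expect roughly 1/256 versus 0."""
    rng = random.Random(seed)
    zero = bytes(8)
    weak_hits = strong_hits = 0
    for _ in range(trials):
        key = random_key(rng)
        weak_hits += vulnerable_credential(key) == zero
        strong_hits += fixed_credential(key, zero, random_key(rng)) == zero
    return weak_hits / trials, strong_hits / trials


def matches_library_cfb8(key: bytes, iv: bytes, data: bytes):
    """Cross-check cfb8_encrypt against the library's CFB8 mode when AES is in
    use; returns None with the stand-in PRF (nothing to compare against)."""
    if not HAVE_AES:
        return None
    enc = Cipher(algorithms.AES(key), modes.CFB8(iv)).encryptor()
    return enc.update(data) + enc.finalize() == cfb8_encrypt(key, iv, data)


if __name__ == "__main__":
    weak, strong = hit_rates()
    print("block function:", "AES" if HAVE_AES else "HMAC-SHA256 stand-in")
    print(f"all-zero output, constant zero IV: {weak:.4f} (about 1/256 = 0.0039)")
    print(f"all-zero output, fresh random IV : {strong:.4f}")
```

The defensive point is in `hit_rates`: the constant IV turns a 2^-64 event into a 2^-8 one that any caller who controls the input can wait for, which is why the remediation is the vendor patch that stops accepting this construction rather than anything at the key level.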
