Scanning and Exploiting Zerologon

What is Zerologon?

Zerologon is the name given to the vulnerability tracked as CVE-2020-1472. It is called Zerologon because of a flaw in the logon process: the initialization vector (IV) is set to all zeros every time, whereas an IV should always be a random value.
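Why a fixed all-zero IV matters is easiest to see by running the mode itself. Netlogon computes its credentials with AES in 8-bit cipher feedback mode (CFB8) under that zero IV. The following added example (mine, not the post's or any linked project's) reproduces the CFB8 chaining with a keyed hash standing in for AES, an assumption made so it runs with only the standard library; the argument depends on how CFB8 feeds ciphertext bytes back, not on the block cipher. With a zero IV and a zero plaintext, the whole output collapses to zeros whenever the first keystream byte is zero, which happens for about 1 in 256 keys; with a random IV it effectively never does.

```python
import hashlib
import random

BLOCK = 16  # AES block size in bytes


def prf_block(key: bytes, block: bytes) -> bytes:
    """Stand-in for single-block AES encryption (assumption: SHA-256 truncated
    to 16 bytes behaves as a keyed pseudorandom function). CFB mode only uses
    the cipher in the forward direction, so no inverse is needed."""
    return hashlib.sha256(key + block).digest()[:BLOCK]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """8-bit cipher feedback: each plaintext byte is XORed with the first byte
    of E(shift register); the ciphertext byte is then shifted into the register."""
    register = bytearray(iv)
    out = bytearray()
    for p in plaintext:
        keystream_byte = prf_block(key, bytes(register))[0]
        c = p ^ keystream_byte
        out.append(c)
        register = register[1:] + bytes([c])
    return bytes(out)


def first_keystream_byte_is_zero(key: bytes) -> bool:
    """With IV = 0 the first keystream byte is E(0^16)[0]. If it is zero, the
    ciphertext byte is zero, the register stays all zeros, and every later
    keystream byte is the same zero byte."""
    return prf_block(key, bytes(BLOCK))[0] == 0


def collapses_to_zero(key: bytes, iv: bytes, length: int = 8) -> bool:
    """True when `length` zero plaintext bytes encrypt to `length` zero bytes."""
    return cfb8_encrypt(key, iv, bytes(length)) == bytes(length)


def collapse_rate(trials: int, seed: int = 1, random_iv: bool = False) -> float:
    """Fraction of random keys for which an all-zero plaintext yields an
    all-zero ciphertext, under a zero IV or (for contrast) a random IV."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        key = rng.randbytes(BLOCK)
        iv = rng.randbytes(BLOCK) if random_iv else bytes(BLOCK)
        hits += collapses_to_zero(key, iv)
    return hits / trials


if __name__ == "__main__":
    print("zero IV   collapse rate:", collapse_rate(20000))
    print("random IV collapse rate:", collapse_rate(20000, random_iv=True))
```

The zero-IV rate lands near 1/256 (about 0.0039) because only the first keystream byte is ever sampled; a random IV puts 16 unpredictable bytes into the register, so the output is no longer a function of a single byte and the collapse does not occur. The patched Netlogon behaviour addresses this by rejecting the weak credential exchange, not by changing the mode.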

Scanning for Zerologon

SecuraBV Zerologon scanner: https://github.com/SecuraBV/CVE-2020-1472
We can use crackmapexec to extract the DC name.

If the target is vulnerable, the scanner shows the following output:

Exploiting Zerologon

  • The original exploit could reset the domain admin password, so we use the zer0dump exploit instead: https://github.com/bb00/zer0dump
  • Dumping the admin password (change the username if only one user is targeted)
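From the defender's side, the exploitation flow above leaves two artefacts worth watching for. Microsoft's August 2020 Netlogon update logs Event ID 5829 in the System log when a vulnerable Netlogon secure channel connection is still allowed, and a password reset of a domain controller's computer account shows up as Security Event ID 4742 (computer account changed) with Password Last Set updated by a principal other than the account itself. The following added example (mine, not the post's or the linked projects' code) runs those two checks over constructed sample records; the simplified field layout and the values, including the ANONYMOUS LOGON subject, are assumptions made for the example.

```python
from collections import Counter

# Constructed sample events; the field layout is a simplification of the
# Windows event XML. 5829 = vulnerable Netlogon secure channel allowed,
# 4742 = computer account changed.
SAMPLE_EVENTS = [
    {"log": "System", "id": 5829, "machine": "WS01$", "ip": "10.0.0.25"},
    {"log": "Security", "id": 4742, "target": "DC01$", "subject": "ANONYMOUS LOGON",
     "password_last_set": "9/14/2020 10:02:11 AM"},
    {"log": "Security", "id": 4742, "target": "WS02$", "subject": "WS02$",
     "password_last_set": "9/14/2020 3:00:00 AM"},
    {"log": "Security", "id": 4742, "target": "DC01$", "subject": "DC01$",
     "password_last_set": "-"},
    {"log": "System", "id": 5829, "machine": "WS01$", "ip": "10.0.0.25"},
]

# Computer accounts of the domain controllers (assumed inventory).
DOMAIN_CONTROLLERS = {"DC01$"}


def vulnerable_channel_sources(events):
    """Count 5829 events per (machine, ip). Each entry is a device that still
    negotiates an insecure Netlogon channel; enforcement mode will block it,
    so these are the hosts to patch or investigate first."""
    return Counter((e["machine"], e["ip"]) for e in events if e["id"] == 5829)


def suspicious_dc_password_resets(events, dcs):
    """4742 on a DC computer account where the password attribute changed and
    the change was not made by the account itself. Normal machine password
    rotation is self-initiated, so any other subject is anomalous.
    Returns the offending (target, subject) pairs."""
    hits = []
    for e in events:
        if e["id"] != 4742 or e["target"] not in dcs:
            continue
        if e.get("password_last_set", "-") == "-":
            continue  # password attribute unchanged in this event
        if e["subject"] != e["target"]:
            hits.append((e["target"], e["subject"]))
    return hits


if __name__ == "__main__":
    for (machine, ip), n in vulnerable_channel_sources(SAMPLE_EVENTS).items():
        print(f"5829 x{n}: {machine} from {ip} still uses a vulnerable channel")
    for target, subject in suspicious_dc_password_resets(SAMPLE_EVENTS, DOMAIN_CONTROLLERS):
        print(f"4742: password of DC account {target} changed by {subject}")
```

In practice the records would come from a SIEM query or `Get-WinEvent` export rather than an inline list; the two rules stay the same. A DC account password changed by anything other than the DC itself should be treated as an incident until proven otherwise, because the domain's Netlogon trust for that controller depends on that secret.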

Getting an RCE through pass-the-hash
