What is Zerologon?
Zerologon is the name given to the vulnerability tracked as CVE-2020-1472. It is called Zerologon because of a flaw in the logon process: the initialization vector (IV) of the cipher used there is fixed to all zeros every time, whereas an IV should always be an unpredictable random value.
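To make the cryptographic point concrete, here is an added example (not from the original page, and not the exploit code of either project linked below) showing why a fixed all-zero IV is fatal for the CFB8 mode the logon process uses. Assumptions: AES-128 is replaced by a stand-in keyed SHA-256 block function so the script runs with the standard library only; the structural behaviour of CFB8 is what the example demonstrates, not AES itself. The sample keys are constructed counter values.

```python
import hashlib

BLOCK_SIZE = 16  # AES block size in bytes


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in block cipher (ASSUMPTION: keyed SHA-256 truncated to one block).
    It replaces AES-128 only so this file runs without third-party packages;
    the CFB8 structure below is what matters, not the block function."""
    assert len(block) == BLOCK_SIZE
    return hashlib.sha256(key + block).digest()[:BLOCK_SIZE]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CFB8 mode: each plaintext byte is XORed with the first byte of
    E_k(shift register); the ciphertext byte is then shifted into the register."""
    assert len(iv) == BLOCK_SIZE
    register = bytearray(iv)
    ciphertext = bytearray()
    for p in plaintext:
        keystream_byte = block_encrypt(key, bytes(register))[0]
        c = p ^ keystream_byte
        ciphertext.append(c)
        # shift the register left by one byte and append the new ciphertext byte
        del register[0]
        register.append(c)
    return bytes(ciphertext)


def zero_iv_collapses(key: bytes, length: int = 8) -> bool:
    """True when an all-zero IV and all-zero plaintext encrypt to all-zero
    ciphertext under this key. With a zero register, a zero first keystream
    byte leaves the register zero again, so every following byte is zero too."""
    zero_iv = bytes(BLOCK_SIZE)
    return cfb8_encrypt(key, zero_iv, bytes(length)) == bytes(length)


def weak_key_fraction(trials: int = 4096) -> float:
    """Fraction of constructed sample keys (counter values) for which the
    zero-IV collapse happens; about one key in 256 is expected to do so,
    because it only requires the first byte of E_k(0^16) to be zero."""
    weak = sum(zero_iv_collapses(i.to_bytes(BLOCK_SIZE, "big")) for i in range(trials))
    return weak / trials


def nonzero_iv_output(key: bytes, iv: bytes, length: int = 8) -> bytes:
    """With an unpredictable IV the register does not self-perpetuate, so the
    same key and plaintext produce a normal keystream instead of zeros."""
    return cfb8_encrypt(key, iv, bytes(length))


if __name__ == "__main__":
    print(f"fraction of keys with zero-IV collapse: {weak_key_fraction():.4f} (expect ~{1/256:.4f})")
```

The property the script measures is exact: with a zero IV and zero plaintext, the output is all zeros precisely when the first byte of the block encryption of the zero block is zero, which happens for roughly one key in 256 regardless of the block cipher. Using a fresh random IV per message removes this self-perpetuating zero register, which is why the page's point about the IV matters.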
Scanning for Zerologon
SecuraBV zerologon scanner https://github.com/SecuraBV/CVE-2020-1472
We can use crackmapexec to extract the DC name
If the target is vulnerable, the scanner shows the following output:
- The exploit could reset the domain admin password; we can use the zer0dump exploit instead: https://github.com/bb00/zer0dump
- Dumping the admin password (change the username if only one user is targeted)
Getting an RCE through pass-the-hash