forked from p15670423/monkey
Add Zerologon to documentation
parent
290385a8a0
commit
81c6de75b7
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
title: "Zerologon"
|
||||
date: 2021-01-31T19:46:12+05:30
|
||||
draft: false
|
||||
tags: ["exploit", "windows"]
|
||||
---
|
||||
|
||||
The Zerologon exploiter exploits [CVE-2020-1472](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1472).
|
||||
|
||||
This exploiter is unsafe.
|
||||
* It will temporarily change the target domain controller's password.
|
||||
* It may break the target domain controller's communication with other systems in the network, affecting functionality.
|
||||
|
||||
It is, therefore, **not** enabled by default.
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC).
|
||||
|
||||
To download the relevant security update and read more, click [here](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472).
|
||||
|
||||
|
||||
### Notes
|
||||
|
||||
* The Infection Monkey exploiter implementation is based on implementations by [@dirkjanm](https://github.com/dirkjanm/CVE-2020-1472/) and [@risksense](https://github.com/risksense/zerologon).
|
|
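Review bot: The "This exploiter is unsafe" list says the domain controller's password is changed "temporarily", but the page never tells the reader how to confirm it was restored or what to do if it was not. Add a sentence after the two bullets saying where the restore result is shown, and point to recovery steps for a domain controller left with the changed password. In the Description, descriptive link text such as the advisory name would also read better than "click [here]".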
@ -578,10 +578,6 @@ class DumpSecrets:
|
|||
if self.__NTDS_hashes:
|
||||
self.__NTDS_hashes.finish()
|
||||
|
||||
# mention in report explicitly - machine exploited/not (return True, if yes) & password restored/not
|
||||
# mention patching details in report
|
||||
# add exploit info to documentation
|
||||
|
||||
|
||||
# Adapted from https://github.com/SecureAuthCorp/impacket/blob/master/examples/wmiexec.py
|
||||
# Used to get HKLM keys for restoring original DC password
|
||||
|
|
|
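Review bot: The three TODO comments after `self.__NTDS_hashes.finish()` appear to be what this hunk drops (the header goes from 10 lines to 6), yet only the last one, "add exploit info to documentation", is covered by this commit. Nothing visible here shows the report stating whether the machine was exploited, whether the password was restored, or the patching details. Either keep those two comments or reference where that work landed, so the open items are not lost with the cleanup.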
@ -159,7 +159,7 @@ EXPLOITER_CLASSES = {
|
|||
"breaks communication with other domain controllers.) "
|
||||
"Exploits a privilege escalation vulnerability in a Windows server domain controller, "
|
||||
"using the Netlogon Remote Protocol (MS-NRPC).",
|
||||
# "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/"
|
||||
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
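Review bot: The `"link"` entry is enabled in the same commit that adds the page, so please confirm that the new Markdown file publishes at `/docs/reference/exploiters/zerologon/`. The diff does not show the file's path, and a mismatch would leave a dead link in the configuration UI. Separately, the description context here says the exploit "breaks communication with other domain controllers", while the new page says "other systems in the network"; the two texts should use the same wording.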