forked from p15670423/monkey
---
title: "Zerologon"
date: 2021-01-31T19:46:12+05:30
draft: false
tags: ["exploit", "windows"]
---

The Zerologon exploiter exploits [CVE-2020-1472](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1472).

This exploiter is unsafe.
* It will temporarily change the target domain controller's password.
* It may break the target domain controller's communication with other systems in the network, affecting functionality.

It is, therefore, **not** enabled by default.

### Description

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC).

To download the relevant security update and read more, click [here](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472).

### Notes

* The Infection Monkey exploiter implementation is based on implementations by [@dirkjanm](https://github.com/dirkjanm/CVE-2020-1472/) and [@risksense](https://github.com/risksense/zerologon).