CVE-2019-1040

This repository contains a scanner for CVE-2019-1040, which checks for vulnerability to the MIC Remove attack by sending invalid NTLM authentication packets over SMB. It does not exploit the vulnerability but detects if the target is vulnerable.

This repository contains a functional exploit for CVE-2019-1040, leveraging the NTLM relay attack via the PrinterBug technique to trigger authentication and relay credentials. It includes modules for SMB and HTTP relay servers, as well as utilities for dumping secrets and restoring operations.

This repository contains a functional Python exploit for CVE-2019-1040, leveraging NTLM relay attacks to manipulate LDAP and Kerberos authentication. The script automates the creation of machine accounts and exploits the vulnerability to achieve privilege escalation or lateral movement.

This repository contains a functional exploit for CVE-2019-1040, which leverages NTLM relay vulnerabilities combined with Kerberos delegation to achieve remote code execution and potential domain admin privileges. The tool, `dcpwn.py`, automates the exploitation process by integrating with Impacket and includes modules for various attack vectors such as SMB, LDAP, and HTTP relay attacks.

This repository contains a functional exploit for CVE-2019-1040, which leverages LLMNR poisoning and NTLM relay attacks to achieve remote code execution (RCE). The tool is an updated version of UltraRelay, incorporating the `--remove-mic` flag to bypass NTLM mitigation by exploiting the MIC (Message Integrity Code) removal vulnerability.

This repository contains a functional exploit for CVE-2019-1040, leveraging the Print Spooler service to achieve local privilege escalation (LPE) via named pipe impersonation. The code includes reflective DLL injection and RPC-based exploitation techniques.

This repository contains a functional exploit for CVE-2019-1040, which leverages NTLM relay vulnerabilities in Exchange servers to achieve remote code execution and domain admin privileges. The code includes modules for various relay attacks (SMB, LDAP, HTTP, etc.) and integrates with Impacket for authentication and execution.