CVE-2020-1472

This exploit leverages CVE-2020-1472 (ZeroLogon) to reset the password of a domain controller's machine account via a flaw in the Netlogon Remote Protocol. It includes functionality to check, exploit, and restore the target.

This repository contains a Python script that tests for the ZeroLogon vulnerability (CVE-2020-1472) by attempting to bypass Netlogon authentication using an all-zero challenge and credential. It leverages the Impacket library to perform RPC calls and determine if a domain controller is vulnerable.

This repository contains a functional proof-of-concept exploit for CVE-2020-1472 (Zerologon), which allows an attacker to bypass authentication and reset the password of a domain controller account to an empty string. The exploit leverages a vulnerability in the Netlogon Remote Protocol (MS-NRPC) to achieve authentication bypass and privilege escalation.

This repository contains a working exploit for CVE-2020-1472 (ZeroLogon), allowing an attacker to reset the password of a domain controller's machine account to empty and subsequently dump credentials. It includes scripts to set an empty password and restore the original password.

This repository contains a functional exploit for CVE-2020-1472 (Zerologon), which resets the Domain Controller's account password to an empty string, allowing authentication bypass and privilege escalation to Domain Admin. The exploit leverages a cryptographic flaw in the Netlogon protocol.

This repository contains a functional PoC exploit for CVE-2020-1472 (Zerologon), enabling unauthenticated domain controller takeover via Netlogon protocol abuse. It includes tools for remote command execution (psexec.py) and credential dumping (secretsdump.py).

This repository contains a functional proof-of-concept exploit for CVE-2020-1472 (ZeroLogon), which allows an attacker to impersonate a domain controller and reset its password to gain domain admin privileges. The exploit includes tools for testing vulnerability, resetting passwords, and restoring original credentials.

This is a C++ implementation of the ZeroLogon exploit (CVE-2020-1472) that resets the password of a domain controller's machine account by exploiting a vulnerability in the Netlogon Remote Protocol. It uses brute-force to bypass authentication and set a new password.

This is a Python-based proof-of-concept for CVE-2020-1472 (Zerologon), demonstrating authentication bypass via RPC/SMB. It attempts to exploit the vulnerability by sending zeroed-out credentials to the Netlogon service, with optional SMB authentication and packet privacy.

This repository contains a Python-based exploit for CVE-2020-1472 (Zerologon), which allows an attacker to bypass authentication on a vulnerable domain controller by exploiting a flaw in the Netlogon Remote Protocol. The exploit sets the machine account password to an empty string, enabling further attacks like secretsdump.py for credential extraction.

This is a functional exploit for CVE-2020-1472 (Zerologon), which exploits a cryptographic flaw in the Netlogon Remote Protocol to authenticate as a domain controller and reset the machine account password. The PoC demonstrates the vulnerability by performing a brute-force attack to achieve authentication bypass.

This is a functional exploit for CVE-2020-1472 (Zerologon), which allows an unauthenticated attacker to compromise a vulnerable Domain Controller by exploiting a cryptographic flaw in the Netlogon protocol. The PoC automates the attack, resets the machine account password, and escalates to domain administrator privileges.

This repository contains a Python-based proof-of-concept exploit for CVE-2020-1472 (Zerologon), which allows an attacker to zero out the password of a domain controller's machine account and dump NTDS hashes. The exploit leverages a vulnerability in the Netlogon Remote Protocol (MS-NRPC) to establish a vulnerable security channel.

This repository contains a vulnerability scanner for Domain Controllers, specifically checking for CVE-2020-1472 (Zerologon), MS-PAR/MS-RPRN, and SMBv2 Signing. It does not exploit vulnerabilities but scans for their presence.

This repository contains a Python script to check for the Zerologon vulnerability (CVE-2020-1472) in domain controllers. It attempts to authenticate using a zero challenge and credential to determine if the target is vulnerable.

This repository contains a working exploit for CVE-2020-1472 (Zerologon), which allows an attacker to bypass authentication and reset the password of a domain controller's machine account to an empty string. The exploit leverages a cryptographic flaw in the Netlogon Remote Protocol.

This repository contains a functional exploit for CVE-2020-1472 (ZeroLogon), which allows an attacker to impersonate a domain controller account and reset its password to an empty value. The exploit leverages a cryptographic flaw in the Netlogon Remote Protocol to achieve authentication bypass and privilege escalation.

This PowerShell script checks for potential exploitation of CVE-2020-1472 (ZeroLogon) by analyzing NetLogon debug logs and Windows Event Logs for suspicious authentication patterns and password resets. It does not exploit the vulnerability but detects artifacts of exploitation.

This repository contains a functional exploit for CVE-2020-1472 (Zerologon), which allows unauthenticated attackers to compromise a Domain Controller by setting its computer account password to an empty value. The exploit leverages a cryptographic flaw in the Netlogon Remote Protocol to bypass authentication.

This repository contains a C# vulnerability checker for CVE-2020-1472 (ZeroLogon), which tests whether a domain controller is vulnerable by attempting to exploit the authentication bypass flaw in Netlogon. It does not execute a full exploit but checks for vulnerability by simulating the attack.

This repository contains a working exploit for CVE-2020-1472 (Zerologon), which allows an attacker to elevate privileges by exploiting a vulnerability in the Netlogon Remote Protocol. The exploit resets the domain controller's account password to an empty string, enabling further attacks.

This repository contains a Python script for mass scanning and exploiting CVE-2020-1472 (ZeroLogon), a critical vulnerability in Netlogon Remote Protocol (MS-NRPC). The script attempts to authenticate with a zeroed-out challenge and credential to determine if a domain controller is vulnerable.

This repository contains a functional proof-of-concept exploit for CVE-2020-1472 (Zerologon), which allows an attacker to authenticate as a domain controller by exploiting a cryptographic flaw in the Netlogon protocol. The exploit resets the domain controller's password, enabling full domain compromise.

This repository contains a Python script that tests for the ZeroLogon vulnerability (CVE-2020-1472) by attempting to bypass Netlogon authentication using the Impacket library. It includes a lab setup with a vulnerable Windows Server 2019 VM configured as a Domain Controller.

This repository contains a functional proof-of-concept exploit for CVE-2020-1472 (Zerologon), which allows an attacker to authenticate as a domain controller by exploiting a cryptographic flaw in the Netlogon protocol. The exploit resets the domain controller's password to an empty string, enabling further attacks like DCSync.

This repository contains a Python-based exploit for CVE-2020-1472 (Zerologon), which allows an attacker to bypass authentication and reset the Domain Controller's account password to an empty string. The exploit leverages a cryptographic flaw in the Netlogon Remote Protocol.

This repository contains a vulnerability scanner for Domain Controllers, specifically checking for CVE-2020-1472 (Zerologon), MS-PAR/MS-RPRN, and SMBv2 Signing. It does not exploit vulnerabilities but scans for their presence.

This repository contains a functional exploit for CVE-2020-1472 (Zerologon), which allows an attacker to reset the password of a domain controller's machine account to an empty string. The exploit leverages a cryptographic flaw in the Netlogon Remote Protocol (MS-NRPC) to achieve authentication bypass and privilege escalation.

This PowerShell script mitigates CVE-2020-1472 (Zerologon) by enforcing secure RPC for Netlogon on domain controllers. It checks for required updates and sets the 'FullSecureChannelProtection' registry key to enable protection.

This repository contains a functional exploit for CVE-2020-1472 (Zerologon), which allows an attacker to authenticate as a domain controller and reset its password. The exploit leverages a cryptographic flaw in the Netlogon protocol to achieve authentication bypass.

This repository contains a Python script that exploits CVE-2020-1472 (ZeroLogon), a vulnerability in the Netlogon Remote Protocol allowing authentication bypass by setting an empty password for a domain controller account. The script uses the Impacket library to perform brute-force attempts to exploit the flaw.

This is a functional PoC for CVE-2020-1472 (Zerologon), which exploits a cryptographic flaw in Netlogon to authenticate as a domain controller and reset its password. The script uses brute-force to bypass authentication and demonstrates the vulnerability by resetting the target computer's password.

This repository contains a functional proof-of-concept exploit for CVE-2020-1472 (ZeroLogon), which allows an unauthenticated attacker to reset the password of a Domain Controller's machine account via a cryptographic flaw in the Netlogon protocol. The exploit includes both the C++ implementation for the attack and a Python script for post-exploitation credential dumping.

This repository contains a functional proof-of-concept exploit for CVE-2020-1472 (Zerologon), which allows an attacker to authenticate to a domain controller with an empty password and reset the machine account password. The exploit leverages a cryptographic flaw in the Netlogon Remote Protocol.

This repository contains a Python script that tests for the ZeroLogon vulnerability (CVE-2020-1472) by attempting to bypass Netlogon authentication using an all-zero challenge and credential. It leverages the Impacket library to perform RPC calls and determine if a domain controller is vulnerable.

This repository contains a Python-based exploit for CVE-2020-1472 (Zerologon), a critical privilege escalation vulnerability in Netlogon. The exploit manipulates the Netlogon protocol to authenticate as a domain controller and reset passwords.

This is a functional exploit for CVE-2020-1472 (ZeroLogon) that resets the domain controller's machine account password to null, allowing hash dumping without authentication. It leverages Impacket's NRPC implementation to perform the attack.

This repository contains a functional exploit for CVE-2020-1472 (ZeroLogon), allowing an attacker to set an empty password for a domain controller's machine account and escalate privileges to Domain Admin. The exploit leverages a cryptographic flaw in the Netlogon Remote Protocol.

This is a functional exploit for CVE-2020-1472 (ZeroLogon), which allows an attacker to impersonate a domain controller account by exploiting a cryptographic flaw in the Netlogon authentication process. The exploit resets the domain controller's password to an empty string, enabling further attacks like DCSync.

This PowerShell script scans Windows Event Logs (EVTX files) for events related to CVE-2020-1472 (Zerologon) and exports them to CSV for analysis in Excel. It does not exploit the vulnerability but aids in detecting exploitation attempts.

This is a functional exploit for CVE-2020-1472 (ZeroLogon), which leverages a vulnerability in the Netlogon Remote Protocol to impersonate a domain controller, dump registry hives, extract the machine password, and reinstall the original password. It includes a semi-interactive shell for post-exploitation.

This repository provides a writeup and instructions for exploiting CVE-2020-1472 (Zerologon), a privilege escalation vulnerability in the Netlogon Remote Protocol (MS-NRPC) due to insecure AES-CFB8 usage. It references external repositories for the actual exploit code and testing tools.

This repository contains a functional exploit for CVE-2020-1472 (ZeroLogon), which allows an attacker to bypass authentication and reset the password of a domain controller account to an empty string. The exploit leverages a cryptographic flaw in the Netlogon Remote Protocol.

This repository provides a Zabbix template for monitoring Windows Event Viewer events related to CVE-2020-1472 (Netlogon Elevation of Privilege Vulnerability). It focuses on detecting event IDs 5827, 5828, and 5829, which are indicators of exploitation attempts.

This repository contains a Python-based exploit for CVE-2020-1472 (ZeroLogon), which allows an attacker to bypass authentication and reset the password of a domain controller. The exploit uses the Impacket library to perform Netlogon authentication bypass and password reset.

The repository contains a functional Python-based tool for exploiting CVE-2020-1472 (ZeroLogon) and other Active Directory vulnerabilities. It includes SMB signing checks, ZeroLogon detection, and LAPS password extraction, with a focus on stealthy reconnaissance and reporting.

This repository provides an installer script for Zer0Dump, a tool that exploits CVE-2020-1472 (ZeroLogon) to dump password hashes from Active Directory domain controllers. It automates the setup of dependencies (Impacket, CrackMapExec) and includes a post-exploitation script for lateral movement using a PowerShell reverse shell.

This repository contains a functional exploit for CVE-2020-1472 (ZeroLogon), which allows an attacker to authenticate to a domain controller with a zeroed-out password and reset the machine account password. The exploit leverages a cryptographic flaw in the Netlogon protocol to achieve authentication bypass and privilege escalation.

This repository contains functional exploit code for CVE-2020-1472 (ZeroLogon), which allows an attacker to set an empty password for a domain controller's machine account and subsequently dump credentials. The scripts demonstrate the vulnerability by exploiting a cryptographic flaw in the Netlogon authentication process.

This is a functional exploit for CVE-2020-1472 (Zerologon), which allows an attacker to authenticate to a Domain Controller with empty credentials and reset the machine account password. The script includes both vulnerability testing and exploitation capabilities.

This is a detailed writeup documenting the exploitation of CVE-2020-1472 (Zerologon) on a Windows Domain Controller using Metasploit and Impacket. It includes steps for discovery, exploitation, credential extraction, and post-exploitation validation.

This repository provides a detailed educational walkthrough of CVE-2020-1472 (ZeroLogon), including steps to test and exploit the vulnerability using tools like Impacket and SecuraBV's tester. It demonstrates privilege escalation via pass-the-hash attacks and persistence techniques.

This repository is a writeup demonstrating detection and mitigation techniques for CVE-2020-1472 (ZeroLogon), including vulnerability testing, Windows Event Log analysis, and Suricata IDS rules. It references external PoC scripts and tools but does not contain exploit code itself.

This repository is a writeup documenting the simulation and prevention of the Zerologon (CVE-2020-1472) vulnerability attack in Active Directory on Windows Server 2016. It references external tools and provides operational results, including reports and presentations.

This repository contains a proof-of-concept exploit for CVE-2020-1472 (Zerologon), leveraging Impacket to exploit a vulnerability in the Netlogon Remote Protocol. The exploit allows an attacker to authenticate as a domain controller and potentially take over a domain.

This is a functional PoC for CVE-2020-1472 (Zerologon), which exploits a vulnerability in Netlogon to reset the domain controller's password to an empty string, enabling privilege escalation and DCsync attacks.

This repository is a writeup documenting the steps to exploit CVE-2020-1472 (Zerologon) using existing tools like Impacket. It includes instructions for exploitation, detection via Windows Event Viewer, and mitigation steps.

This repository contains a functional Python script that tests for the ZeroLogon vulnerability (CVE-2020-1472) by attempting to bypass Netlogon authentication using an all-zero challenge and credential. It leverages the Impacket library to interact with the Netlogon RPC service and confirms vulnerability if the authentication succeeds.

This is a functional exploit for CVE-2020-1472 (ZeroLogon), which leverages a cryptographic flaw in the Netlogon authentication process to bypass authentication and reset the domain controller's machine account password. The exploit uses Impacket to perform RPC-based attacks against vulnerable domain controllers.

This PoC exploits CVE-2020-1472 (ZeroLogon) to reset the domain controller's password and gain a shell via evil-winrm. It combines the original ZeroLogon exploit with an automated evil-winrm command for post-exploitation.

This repository contains a Python script that tests for the ZeroLogon vulnerability (CVE-2020-1472) by attempting to bypass Netlogon authentication using an all-zero challenge and credential. It leverages the Impacket library to perform RPC calls and determine if a domain controller is vulnerable.

This repository contains a working PoC for CVE-2020-1472 (Zerologon), a critical privilege escalation vulnerability in Netlogon. It includes scripts to exploit the flaw, dump secrets, and execute commands via WMI/PSEXEC.

This repository contains a Python script for mass scanning and exploiting the ZeroLogon vulnerability (CVE-2020-1472) in Active Directory domain controllers. It automates the authentication bypass by sending crafted Netlogon requests with zeroed-out credentials.

This repository contains a functional proof-of-concept exploit for CVE-2020-1472 (ZeroLogon), which allows an attacker to set the machine account password of a vulnerable domain controller to an empty string. The exploit leverages a cryptographic flaw in the Netlogon Remote Protocol (MS-NRPC) to bypass authentication.

This is a Python script that tests for the ZeroLogon vulnerability (CVE-2020-1472) by attempting to bypass Netlogon authentication using an all-zero challenge and credential. It uses the Impacket library to perform RPC calls and determine if a domain controller is vulnerable.

This is a Python script that tests for the ZeroLogon vulnerability (CVE-2020-1472) by attempting to bypass Netlogon authentication using an all-zero challenge and credential. It uses the Impacket library to interact with the Netlogon RPC service and determines vulnerability based on the response.

This repository contains a Python script that tests for the ZeroLogon vulnerability (CVE-2020-1472) by attempting to bypass Netlogon authentication using an all-zero challenge and credential. It leverages the Impacket library to perform RPC calls and determine if a domain controller is vulnerable.

This is a functional exploit for CVE-2020-1472 (Zerologon), which resets the domain controller's account password to an empty string by exploiting a cryptographic flaw in Netlogon. It performs brute-force authentication attempts with zeroed credentials.

This repository contains a functional exploit for CVE-2020-1472 (Zerologon), which allows an unauthenticated attacker to reset the password of a domain controller's Active Directory account to an empty string. The exploit leverages a cryptographic flaw in the Netlogon Remote Protocol (MS-NRPC).

This repository contains a functional exploit for CVE-2020-1472 (ZeroLogon), automating the process of exploiting a vulnerable Domain Controller to dump credentials and gain access via Evil-WinRM. The scripts are designed to chain the exploit with credential extraction and remote access.

This repository contains multiple Python scripts exploiting CVE-2020-1472 (Zerologon), a critical vulnerability in Netlogon Remote Protocol (MS-NRPC). The exploit allows an unauthenticated attacker to impersonate a domain controller and set an empty password, leading to domain compromise.

This repository contains PowerShell scripts to detect non-compliant devices vulnerable to CVE-2020-1472 (ZeroLogon) by querying specific Event IDs (5827-5831) from domain controllers. The scripts do not exploit the vulnerability but scan for indicators of unpatched systems.

This repository contains a Python script that tests for the ZeroLogon vulnerability (CVE-2020-1472) by attempting to bypass Netlogon authentication using an all-zero challenge and credential. It leverages the Impacket library to perform RPC calls and determine if a domain controller is vulnerable.

This PowerShell script scans domain controllers for specific security updates related to CVE-2020-1472 (Zerologon) and exports compliance data to a CSV file. It does not exploit the vulnerability but checks for patch compliance.

This repository contains a functional exploit for CVE-2020-1472 (ZeroLogon), which allows an attacker to impersonate a domain controller account by exploiting a cryptographic flaw in the Netlogon authentication process. The exploit resets the domain controller's password to an empty string, enabling further attacks like DCSync.

This repository contains a functional exploit for CVE-2020-1472 (ZeroLogon), which allows an attacker to authenticate as a domain controller by exploiting a cryptographic flaw in the Netlogon protocol. The exploit resets the DC account password to an empty string, enabling further attacks like DCSync.

This repository contains a Python script that tests for the ZeroLogon vulnerability (CVE-2020-1472) by attempting to bypass Netlogon authentication using an all-zero challenge and credential. It leverages the Impacket library to perform RPC calls and determine if a domain controller is vulnerable.

This repository contains a functional exploit for CVE-2020-1472 (ZeroLogon), which allows an attacker to impersonate a domain controller account by exploiting a cryptographic flaw in the Netlogon authentication process. The exploit resets the domain controller's password to an empty string, enabling further attacks like DCSync.

This PowerShell script scans Windows Event Logs (EVTX files) for specific events related to CVE-2020-1472 (Zerologon) and exports them to CSV for analysis in Excel. It does not contain exploit code but aids in detecting exploitation attempts.

This Metasploit module exploits CVE-2020-1472 (Zerologon) to reset a machine account password to empty by leveraging a cryptographic flaw in Netlogon authentication. It includes both removal and restoration of the password.

This repository contains a functional exploit for CVE-2020-1472 (ZeroLogon), which allows an attacker to impersonate a domain controller account by exploiting a cryptographic flaw in the Netlogon authentication process. The exploit resets the domain controller's password to an empty string, enabling further attacks like DCSync.

This repository contains a functional Python script that tests for the ZeroLogon vulnerability (CVE-2020-1472) by attempting to bypass Netlogon authentication using an all-zero challenge and credential. It leverages the Impacket library to perform RPC calls and determine if a domain controller is vulnerable.

This repository contains a functional Python script that exploits CVE-2020-1472 (ZeroLogon), a vulnerability in the Netlogon Remote Protocol allowing authentication bypass by leveraging weak AES-CFB8 encryption. The script uses the Impacket library to perform brute-force attempts to spoof a domain controller's identity and set an empty password.

This repository contains a functional exploit for CVE-2020-1472 (ZeroLogon), which allows an attacker to impersonate a domain controller account by exploiting a cryptographic flaw in the Netlogon authentication process. The exploit resets the domain controller's password to an empty string, enabling further attacks like DCSync.

This repository contains a functional Python script that tests for the ZeroLogon vulnerability (CVE-2020-1472) by attempting to bypass Netlogon authentication using an all-zero challenge and credential. It leverages the Impacket library to perform RPC calls and determine if a domain controller is vulnerable.

This repository contains functional exploit code for CVE-2020-1472 (ZeroLogon), which allows an attacker to set an empty password for a domain controller's machine account and subsequently dump credentials. The scripts demonstrate the vulnerability by exploiting a cryptographic flaw in the Netlogon authentication process.

This repository contains a functional exploit for CVE-2020-1472 (ZeroLogon), which allows an attacker to impersonate a domain controller account by exploiting a cryptographic flaw in the Netlogon authentication process. The exploit resets the domain controller's password to an empty string, enabling further attacks like DCSync.

This repository contains a functional Python script that tests for the ZeroLogon vulnerability (CVE-2020-1472) by attempting to bypass Netlogon authentication using an all-zero challenge and credential. The script leverages the Impacket library to perform RPC calls and determine if a domain controller is vulnerable.

This repository contains a functional Python script that tests for the ZeroLogon vulnerability (CVE-2020-1472) by attempting to bypass Netlogon authentication using an all-zero challenge and credential. The script uses the Impacket library to interact with the Netlogon RPC interface and determines vulnerability based on the response from the domain controller.

This repository contains a functional Python script that tests for the ZeroLogon vulnerability (CVE-2020-1472) by attempting to bypass Netlogon authentication using an all-zero challenge and credential. It leverages the Impacket library to perform RPC calls and determine if a domain controller is vulnerable.

This repository contains a functional Python script that tests for the ZeroLogon vulnerability (CVE-2020-1472) by attempting to bypass Netlogon authentication using an all-zero challenge and credential. It leverages the Impacket library to perform RPC calls and determine if a domain controller is vulnerable.

This repository contains a functional exploit for CVE-2020-1472 (ZeroLogon), which allows an attacker to impersonate a domain controller account by exploiting a cryptographic flaw in the Netlogon authentication process. The exploit resets the domain controller's password to an empty string, enabling further attacks like DCSync.

This repository contains a functional exploit for CVE-2020-1472 (ZeroLogon), which allows an attacker to impersonate a domain controller by exploiting a cryptographic flaw in the Netlogon authentication process. The exploit resets the DC account password to an empty string, enabling further attacks like DCSync.

This repository contains a functional Python script that tests for the ZeroLogon vulnerability (CVE-2020-1472) by attempting to bypass Netlogon authentication using an all-zero challenge and credential. The script uses the Impacket library to perform the attack and includes a Dockerfile for easy deployment.

This repository contains documentation and configuration scripts for a collection of Windows exploits, including CVE-2003-0352, CVE-2006-3439, and others. It includes README files in both Chinese and English, as well as a Python script for generating documentation.