CVE-2020-1472
This is a Windows 64-bit binary.
This is a proof-of-concept exploit tool which resets the DC account password using the Zerologon exploit technique. Use at your own risk; no warranty is implied or granted for use of this product.
C:\0LOGIN\0login
Usage: 0login
ZEROLOGIN Attack Proof of Concept Exploit – Tophat Security, Inc. (c) 2020
Tests whether a domain controller is vulnerable to the Zerologon attack. Resets the DC account password to an empty string when vulnerable.
Note: dc-name should be the (NetBIOS) computer name of the domain controller.
NO WARRANTY – USE AT YOUR OWN RISK
MD5 82c64e941b03736679511094a547f0ea 0login.exe
SHA256 151ab8b0ebe25ab3e15ae1e74e419f555c33f738b565859b2f0681a4be575709 0login.exe
Affected products
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Windows Server 2012
- Windows Server 2012 (Server Core installation)
- Windows Server 2012 R2
- Windows Server 2012 R2 (Server Core installation)
- Windows Server 2016
- Windows Server 2016 (Server Core installation)
- Windows Server 2019
- Windows Server 2019 (Server Core installation)
- Windows Server, version 1903 (Server Core installation)
- Windows Server, version 1909 (Server Core installation)
- Windows Server, version 2004 (Server Core installation)
References
- https://attackerkb.com/topics/7FbcgDOidQ/cve-2020-1472?referrer=blog#rapid7-analysis
- https://www.secura.com/pathtoimg.php?id=2055
- https://www.zdnet.com/article/zerologon-attack-lets-hackers-take-over-enterprise-networks/
- https://github.com/SecuraBV/CVE-2020-1472
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472