ZeroLogon Exploit - Abusing CVE-2020-1472

  79,147 views

The Cyber Mentor

Comments: 92
@TCMSecurityAcademy 3 years ago
I hope you enjoyed this video! If so, please consider dropping a like and subscribing.
@kaleababdurahman5318 4 years ago
my favorite mentor on youtube.
@null_1065 4 years ago
I really aspire to be like you Cyber Mentor. I hope to have a family and a good head on my shoulders like you, God Bless you sir!
@The1996Rockers 4 years ago
It means that we can take over any domain controller till now which hasn't been patched for this exploit? Eg: can we take over the forest machine from HTB from this exploit?
@andyli 3 years ago
Yes, just tested it. It works
@shreyashhire7527 4 years ago
Thank you for all this man 🔥 ur content is super helpful ♥️🙌
@socrayhte 4 months ago
Please how were you able to run impacket in the virtual environment @4:23
@parampreetrai7093 4 years ago
I'm surprised that u still had this Hydra-DC virtual image that u set up on penetration testing course. 😁 Great video 👍👍👍
@igorpasternak8127 4 years ago
Thx a lot for the newest vulnerability review!!!
@abdullahanas7679 2 years ago
Where can I get an unpatched AD?
@or_test 4 years ago
do not perform on production. this WILL destroy your system.
@neonode2575 4 years ago
First video I'm seeing, didn't see the whole video, but liked anyway :)
@cybercashz 4 years ago
I bought your hacker bundle from ur new tcm academy really looking forward to learn together 😁
@randomapperatus3773 4 years ago
Going through your PEH right now. Christian at Intrinium told me I should buy in case you wanna give him a kick back 🤣🤣
@nottahgiyn7866 3 years ago
Awesome now I want to figure out how to counter this
@hackingsecurity6180 4 years ago
Dope man, this is so litt
@pinikorn9216 4 years ago
So what's the solution for this?
@lee_carter 4 years ago
Apply the MS patch from the Microsoft website (support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc#EnforcementMode) and if this is a Samba DC, apply the server channel config detailed on the Samba website (www.samba.org/samba/security/CVE-2020-1472.html)
@anissehounaoui2139 4 years ago
If you want to detect if you are vulnerable to this exploit, you can download a tool made by cynet, you will find it at the end of this article: www.anissecurity.com/news/zerologon-vulnerability/
@ollyalmon6460 4 years ago
The fact this vulnerability is very simple but also very dangerous to people with bad intentions... Note PATCH this on your stuff ASAP.
@dhanushholla9221 4 years ago
Could you please explain what marvel was? And during secret dump you added -just-dc, what does that stand for?...BY THE BIG FAN AND LOVE FROM INDIA💯🤩❤️ HAPPY TO SEE YOUR VIDEOS . GURU 🙇
@Darth0010 1 year ago
amazing video! I know it's an old video but I am trying to create an assignment where students can try to use this exploit; it's for a penetration testing class. Would you know any way I can get my hands on a Windows Server 2019 ISO that's unpatched?
@gr4vedigg3r 4 years ago
you the best keep it up!
@justsahilgamer9742 4 years ago
I have one question: how do we identify that this vuln is there in the PC?
@febday5944 3 years ago
Thanks bro, that's good!!! And easy to learn for beginners.
@stanev123 4 years ago
How can I find the domain name of the target?
@dhanushholla9221 4 years ago
What is impacket used for? And how to use hashes in view of getting access?
@drakesh6379 4 years ago
Should the attacker be sitting in the network to exploit this attack?
@samudrasarma6555 4 years ago
Nope
@lee_carter 4 years ago
Yes unless you are silly enough to have your netlogon hanging on a public network.
@cocplayers4459 4 years ago
How to find vulnerability???
@yashodhanpagar 4 years ago
Love from INDIA ❤️ I AM YOUR STUDENT AT UDEMY PRACTICAL ETHICAL HACKING ❤️
@911outrun 4 years ago
I feel like I should find a scanner to detect this if possible (too dumb to make one in enough time). Would help a bit at work since I just spent how long making sure my systems were patched
@samudrasarma6555 4 years ago
I already automated this if you need the python script ping me.
@mohamedhamed1286 4 years ago
@samudrasarma6555 can you send me please? mr.root2203@gmail.com
@dadquestionmark 4 years ago
There is a scanner script on GitHub, don't let random people on youtube send you one lol
@911outrun 4 years ago
@dadquestionmark Yeah I managed to find the one from Secura and as far as I can tell it looks clean but will run it against a test dc at home first and see what it does.
@dadquestionmark 4 years ago
@911outrun Yep that's the one. Alternatively you could use wmi, for example, to check remote systems for the patch.
@dhanushholla9221 4 years ago
I'm very new to this field that's why I'm asking so much of doubts..don't mind bro 😁😅
@manamnice 4 years ago
Missed the 2018 kalilinux
@chiragagrawal7856 4 years ago
Thank you for the share
@demiscuzz6427 4 years ago
How do you run in virtual env in Kali?
@Luezzy 4 years ago
is there any mitigation for this exploit?
@UlfKlose 4 years ago
There's a patch from Microsoft.
@CanCaner163 4 years ago
does it work remote with external ips?
@dcdiagfix 4 years ago
You should do a version using the print spooler vuln it doesn’t break the computer password!
@anissehounaoui2139 4 years ago
More details please?
@Bob-hk9mx 4 years ago
Does this exploit require the target in the same network?
@Lim3tree 3 years ago
Is this tool allowed in OSCP exam?
@kevinlim4452 4 years ago
which hash do i use if i want to run reinstall_original_pw.py?
@sayurionella6256 4 years ago
I did this exploitation, but it did not run correctly, please help me
@SensitiveEvent 4 years ago
I'm currently in the middle of three engagements. I ran this on two of them, I can no longer resolve hosts and authentication is acting weird. Is there a restore feature like script.py -r? Debating on trying it on the last engagement and just calling it a night. Thanks in advance.
@gr4vedigg3r 4 years ago
hey I don't think you should have run it on an engagement. you should try and restore it immediately because it can leave it vulnerable if it was not patched
@henrythegod6756 4 years ago
Per the github instructions: "And that should show you the original NT hash of the machine account. You can then re-install that original machine account hash to the domain by python3 reinstall_original_pw[dot]py DC_NETBIOS_NAME DC_IP_ADDR ORIG_NT_HASH Reinstalling the original hash is necessary for the DC to continue to operate normally." github[dot]com/risksense/zerologon
@dadquestionmark 4 years ago
wow
@SensitiveEvent 4 years ago
@gr4vedigg3r Whatever they should have patched their servers. One of the companies called me this morning raging that their network wasn't working, it's not my fault. Two directors and the CEO got on a conference call and agreed with me that an attacker could have done the same thing. meh, they can restore from backups. I'll try again later tonight.
@gr4vedigg3r 4 years ago
@SensitiveEvent yea bt I wouldn't recommend running scripts tht hurt the clients network if I would want to run tht script I'd call them up and tell them to make a backup and have someone ready to fix it up if it goes down ;)
@MrTJadam 4 years ago
is this safe to use on bug bounty targets? Or will set_empty_pw.py screw up their DC? Thanks
@nero2k619 4 years ago
You won't find any public or private programs exposing their domain controller to public.
@neetech3716 4 years ago
Great 🔥
@srlsec 4 years ago
TCM
@antoniodesilva 4 years ago
Can you explain how you ran the virtual environment? Thanks!
@Em-ef4vh 4 years ago
Here's some documentation on that: novicenolonger.com/safe-python-playing-with-virtualenv/
@antoniodesilva 4 years ago
@Em-ef4vh Thanks, will try it out!
@WoLFyy2009 4 years ago
Is this exploit only for Windows Server 2012?
@Aarun3096 4 years ago
Hi sir...back with zerologon vulnerability....it was just short & wealthy more to get....suberub
@KUMAR-mm4sw 4 years ago
Sir how to insert a name in any website at particular place by hacking? Which tools, method etc. is used for that?
@dadquestionmark 4 years ago
Hack everything with Inspect Element
@MrPeter-jt3nd 4 years ago
it doesn't work 😵😵
@null.ru.1337 4 years ago
Cuz the domain controller was patched.
@AntiWanted 4 years ago
Nice
@MH-tw1qi 4 years ago
Your KZbin fans are waiting for new content
@TCMSecurityAcademy 4 years ago
Is this not new content?
@parampreetrai7093 4 years ago
@TCMSecurityAcademy 👌😂
@shrirangkahale 4 years ago
Heyy...
@nwodomitchel8921 4 years ago
Superb education and awareness tips. Please throw more light on how you installed impacket, because the secretsdump.py command is not found on my kali 2020.3 I was only able to install impacket 0.9.21, please help out on how you installed 0.9.22
@umersaeed6032 4 years ago
did you manage to get impacket 0.9.22? if so how
@justsahilgamer9742 4 years ago
tryhackme also created a room for this specific cve
@MicahHidlebaugh 4 years ago
first!
@fenilshah9221 4 years ago
First
@facttrendz1314 4 years ago
Sir how to download old gnome environment on Kali Linux 2020