Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An attacker who successfully exploits the vulnerability could run a specially crafted application on a device on the network. The vulnerability is also known under the moniker of Zerologon.
PoC: CVE-2020-1472
Test tool for CVE-2020-1472
PoC: CVE-2020-1472
PoC for Zerologon - all research credits go to Tom Tervoort of Secura
PoC: zerologon
Exploit for zerologon cve-2020-1472
PoC: CVE-2020-1472
Exploit Code for CVE-2020-1472 aka Zerologon
PoC: zer0dump
Abuse CVE-2020-1472 (Zerologon) to take over a domain and then repair the local stored machine account password.
PoC: cve-2020-1472
cve-2020-1472 复现利用及其exp
PoC: CVE-2020-1472-EXP
Ladon Moudle CVE-2020-1472 Exploit 域控提权神器
PoC: zerologon
Test script for CVE-2020-1472 for both RPC/TCP and RPC/SMB
PoC: ADZero
Zerologon AutoExploit Tool | CVE-2020-1472
PoC: zerologon
Zerologon Check and Exploit - Discovered by Tom Tervoort of Secura and expanded on @Dirkjanm's cve-2020-1472 coded example. This tool will check, exploit and restore password to original state
PoC: Zerologon_CVE-2020-1472
POC for checking multiple hosts for Zerologon vulnerability
PoC: CVE-2020-1472
CVE-2020-1472复现时使用的py文件整理打包
PoC: zeroscan
Zeroscan is a Domain Controller vulnerability scanner, that currently includes checks for Zerologon (CVE-2020-1472), MS-PAR/MS-RPRN and SMBv2 Signing.
PoC: ZeroLogon-Exploitation-Check
quick'n'dirty automated checks for potential exploitation of CVE-2020-1472 (aka ZeroLogon), using leading artifects in determining an actual exploitation of CVE-2020-1472. requires admin access to the DCs
PoC: zerologon
Set of scripts, to test and exploit the zerologon vulnerability (CVE-2020-1472).
PoC: CVE-2020-1472_ZeroLogonChecker
C# Vulnerability Checker for CVE-2020-1472 Aka Zerologon
PoC: Zerologon
Exploit Code for CVE-2020-1472 aka Zerologon
PoC: CVE-2020-1472
CVE-2020-1472 - Zero Logon vulnerability Python implementation
PoC: zerologon-CVE-2020-1472
PoC for Zerologon (CVE-2020-1472) - Exploit
PoC: CVE-2020-1472
CVE-2020-1472复现流程
PoC: Set-ZerologonMitigation
Protect your domain controllers against Zerologon (CVE-2020-1472).
PoC: CVE-2020-1472
https://github.com/dirkjanm/CVE-2020-1472
PoC: CVE-2020-1472
[CVE-2020-1472] Netlogon Remote Protocol Call (MS-NRPC) Privilege Escalation (Zerologon)
PoC: cve-2020-1472_Tool-collection
cve-2020-1472_Tool collection
PoC: zabbix-template-CVE-2020-1472
Zabbix Template to monitor for Windows Event Viewer event's related to Netlogon Elevation of Privilege Vulnerability - CVE-2020-1472. Monitors event ID's 5827, 5828 & 5829. See: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472
PoC: CVE-2020-1472
CVE-2020-1472漏洞复现过程
PoC: MassZeroLogon
Tool for mass testing ZeroLogon vulnerability CVE-2020-1472
PoC: ZeroLogon
CVE-2020-1472 C++
PoC: CVE-2020-1472
Exploit for zerologon cve-2020-1472
PoC: Zero-day-scanning
Zero-day-scanning is a Domain Controller vulnerability scanner, that currently includes checks for Zero-day-scanning (CVE-2020-1472), MS-PAR/MS-RPRN and SMBv2 Signing.
PoC: zerologon
zerologon script to exploit CVE-2020-1472 CVSS 10/10
PoC: CVE-2020-1472
CVE-2020-1472
PoC: apex-predator
Advanced AD Offensive Engine. Automates the path from stealthy recon to domain compromise. Features unauthenticated SMB Signing/NTLM Relay audits, ZeroLogon (CVE-2020-1472) hunting, and authenticated LAPS extraction. Engineered for Red Team precision with professional, executive-ready HTML reporting.
PoC: CVE-2020-1472-ZeroLogon-Analysis
Research project exploring the ZeroLogon vulnerability. Includes technical write-up on exploit chains, troubleshooting, and server hardening.
PoC: zerologon-lab
Scripts for a lab environment demonstrating the Zerologon (CVE-2020-1472) vulnerability.
PoC: ZeroLogon-PoC-DC-Pwn
Zerologon (CVE-2020-1472) Proof-of-Concept application - Critical Active Directory vulnerability exploitation tool.
PoC: Domain-Controller-DC-Exploitation-with-Metasploit-Impacket
End-to-end Domain Controller exploitation using Metasploit and Impacket: discovered DC10, exploited Zerologon (CVE-2020-1472), extracted NTLM hashes, gained SYSTEM shell, and established a Meterpreter session.
PoC: ZeroLogon-CVE-2020-1472-lab
Explicação e demonstração da vulnerabilidade ZeroLogon (CVE-2020-1472)
PoC: Simulating-and-preventing-Zerologon-CVE-2020-1472-vulnerability-attacks.
Simulation of the Zerologon (CVE-2020-1472) vulnerability attack in Active Directory on Windows Server 2016 and the use of the Trend Micro Deep Security solution to prevent such attacks.
PoC: ZerologonWithImpacket-CVE2020-1472
This project combines the Zerologon vulnerability exploit (CVE-2020-1472) with Impacket tools for streamlined exploitation and post-exploitation activities. It allows penetration testers to assess and demonstrate the impact of this critical vulnerability in a controlled and authorized environment.
PoC: zerologon-poc
A script to exploit CVE-2020-1472 (Zerologon)
PoC: CVE-2020-1472-LAB
Lab introduction to ZeroLogon
PoC: 0logon
MS-NRPC (Microsoft NetLogon Remote Protocol)/CVE-2020-1472
PoC: ZeroLogon-to-Shell
This is a combination of the zerologon_tester.py code (https://raw.githubusercontent.com/SecuraBV/CVE-2020-1472/master/zerologon_tester.py) and the tool evil-winrm to get a shell.
PoC: Zerologon-CVE-2020-1472
Zerologon exploit for CVE-2020-1472
PoC: zero-effort
Exploiting CVE-2020-1472 vulnerability (a.k.a Zerologon) without effort.
PoC: CVE-2020-1472-LAB
Lab introduction to ZeroLogon
PoC: MassZeroLogon
Tool for mass testing ZeroLogon vulnerability CVE-2020-1472
PoC: CVE-2020-1472
ZeroLogon exploitation script,One-click recovery of domain controller machine Hash
PoC: CVE-2020-1472
Exploit for zerologon cve-2020-1472,And automatically recover the domain control machine hash
PoC: ad-scanner
Active Directory scanner for MS17-010 MS14-068 CVE-2020-1472 etc...
PoC: zerologon
Set of scripts, to test and exploit the zerologon vulnerability (CVE-2020-1472).
PoC: CVE-2020-1472
Test tool for CVE-2020-1472
PoC: CVE-2020-1472
Fancy Zerologon Beta
PoC: ZeroLogon-Exploit
Modified the test PoC from Secura, CVE-2020-1472, to change the machine password to null
PoC: The_big_Zero
The following is the outcome of playing with CVE-2020-1472 and attempting to automate the process of gaining a shell on the DC
PoC: zerologon
Check for events that indicate non compatible devices -> CVE-2020-1472
PoC: CVE-2020-1472
CVE-2020-1472
PoC: CVE-2020-1472
CVE 2020-1472 Script de validación
PoC: CVE-2020-1472-Easy
A simple implementation/code smash of a bunch of other repos
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free