CVE-2020-1472CISA KEV: Actively Exploited

Microsoft Netlogon Privilege Escalation Vulnerability

Published Nov 3, 2021·Updated Nov 3, 2021

Description

Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An attacker who successfully exploits the vulnerability could run a specially crafted application on a device on the network. The vulnerability is also known under the moniker of Zerologon.

Public Exploits & PoCs60 found

PoC: CVE-2020-1472

Test tool for CVE-2020-1472

1,453

PoC: CVE-2020-1472

PoC for Zerologon - all research credits go to Tom Tervoort of Secura

930

PoC: zerologon

Exploit for zerologon cve-2020-1472

428

PoC: CVE-2020-1472

Exploit Code for CVE-2020-1472 aka Zerologon

313

PoC: zer0dump

Abuse CVE-2020-1472 (Zerologon) to take over a domain and then repair the local stored machine account password.

157

PoC: cve-2020-1472

cve-2020-1472 复现利用及其exp

78

PoC: CVE-2020-1472-EXP

Ladon Moudle CVE-2020-1472 Exploit 域控提权神器

57

PoC: zerologon

Test script for CVE-2020-1472 for both RPC/TCP and RPC/SMB

48

PoC: ADZero

Zerologon AutoExploit Tool | CVE-2020-1472

19

PoC: zerologon

Zerologon Check and Exploit - Discovered by Tom Tervoort of Secura and expanded on @Dirkjanm's cve-2020-1472 coded example. This tool will check, exploit and restore password to original state

10

PoC: Zerologon_CVE-2020-1472

POC for checking multiple hosts for Zerologon vulnerability

8

PoC: CVE-2020-1472

CVE-2020-1472复现时使用的py文件整理打包

8

PoC: zeroscan

Zeroscan is a Domain Controller vulnerability scanner, that currently includes checks for Zerologon (CVE-2020-1472), MS-PAR/MS-RPRN and SMBv2 Signing.

5

PoC: ZeroLogon-Exploitation-Check

quick'n'dirty automated checks for potential exploitation of CVE-2020-1472 (aka ZeroLogon), using leading artifects in determining an actual exploitation of CVE-2020-1472. requires admin access to the DCs

5

PoC: zerologon

Set of scripts, to test and exploit the zerologon vulnerability (CVE-2020-1472).

4

PoC: CVE-2020-1472_ZeroLogonChecker

C# Vulnerability Checker for CVE-2020-1472 Aka Zerologon

4

PoC: Zerologon

Exploit Code for CVE-2020-1472 aka Zerologon

3

PoC: CVE-2020-1472

CVE-2020-1472 - Zero Logon vulnerability Python implementation

3

PoC: zerologon-CVE-2020-1472

PoC for Zerologon (CVE-2020-1472) - Exploit

3

PoC: CVE-2020-1472

CVE-2020-1472复现流程

3

PoC: Set-ZerologonMitigation

Protect your domain controllers against Zerologon (CVE-2020-1472).

2

PoC: CVE-2020-1472

https://github.com/dirkjanm/CVE-2020-1472

2

PoC: CVE-2020-1472

[CVE-2020-1472] Netlogon Remote Protocol Call (MS-NRPC) Privilege Escalation (Zerologon)

2

PoC: cve-2020-1472_Tool-collection

cve-2020-1472_Tool collection

2

PoC: zabbix-template-CVE-2020-1472

Zabbix Template to monitor for Windows Event Viewer event's related to Netlogon Elevation of Privilege Vulnerability - CVE-2020-1472. Monitors event ID's 5827, 5828 & 5829. See: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472

2

PoC: CVE-2020-1472

CVE-2020-1472漏洞复现过程

2

PoC: MassZeroLogon

Tool for mass testing ZeroLogon vulnerability CVE-2020-1472

1

PoC: ZeroLogon

CVE-2020-1472 C++

1

PoC: CVE-2020-1472

Exploit for zerologon cve-2020-1472

1

PoC: Zero-day-scanning

Zero-day-scanning is a Domain Controller vulnerability scanner, that currently includes checks for Zero-day-scanning (CVE-2020-1472), MS-PAR/MS-RPRN and SMBv2 Signing.

1

PoC: zerologon

zerologon script to exploit CVE-2020-1472 CVSS 10/10

1

PoC: CVE-2020-1472

CVE-2020-1472

1

PoC: apex-predator

Advanced AD Offensive Engine. Automates the path from stealthy recon to domain compromise. Features unauthenticated SMB Signing/NTLM Relay audits, ZeroLogon (CVE-2020-1472) hunting, and authenticated LAPS extraction. Engineered for Red Team precision with professional, executive-ready HTML reporting.

PoC: CVE-2020-1472-ZeroLogon-Analysis

Research project exploring the ZeroLogon vulnerability. Includes technical write-up on exploit chains, troubleshooting, and server hardening.

PoC: zerologon-lab

Scripts for a lab environment demonstrating the Zerologon (CVE-2020-1472) vulnerability.

PoC: ZeroLogon-PoC-DC-Pwn

Zerologon (CVE-2020-1472) Proof-of-Concept application - Critical Active Directory vulnerability exploitation tool.

PoC: Domain-Controller-DC-Exploitation-with-Metasploit-Impacket

End-to-end Domain Controller exploitation using Metasploit and Impacket: discovered DC10, exploited Zerologon (CVE-2020-1472), extracted NTLM hashes, gained SYSTEM shell, and established a Meterpreter session.

PoC: ZeroLogon-CVE-2020-1472-lab

Explicação e demonstração da vulnerabilidade ZeroLogon (CVE-2020-1472)

PoC: Simulating-and-preventing-Zerologon-CVE-2020-1472-vulnerability-attacks.

Simulation of the Zerologon (CVE-2020-1472) vulnerability attack in Active Directory on Windows Server 2016 and the use of the Trend Micro Deep Security solution to prevent such attacks.

PoC: ZerologonWithImpacket-CVE2020-1472

This project combines the Zerologon vulnerability exploit (CVE-2020-1472) with Impacket tools for streamlined exploitation and post-exploitation activities. It allows penetration testers to assess and demonstrate the impact of this critical vulnerability in a controlled and authorized environment.

PoC: zerologon-poc

A script to exploit CVE-2020-1472 (Zerologon)

PoC: CVE-2020-1472-LAB

Lab introduction to ZeroLogon

PoC: 0logon

MS-NRPC (Microsoft NetLogon Remote Protocol)/CVE-2020-1472

PoC: ZeroLogon-to-Shell

This is a combination of the zerologon_tester.py code (https://raw.githubusercontent.com/SecuraBV/CVE-2020-1472/master/zerologon_tester.py) and the tool evil-winrm to get a shell.

PoC: Zerologon-CVE-2020-1472

Zerologon exploit for CVE-2020-1472

PoC: zero-effort

Exploiting CVE-2020-1472 vulnerability (a.k.a Zerologon) without effort.

PoC: CVE-2020-1472-LAB

Lab introduction to ZeroLogon

PoC: MassZeroLogon

Tool for mass testing ZeroLogon vulnerability CVE-2020-1472

PoC: CVE-2020-1472

ZeroLogon exploitation script,One-click recovery of domain controller machine Hash

PoC: CVE-2020-1472

Exploit for zerologon cve-2020-1472,And automatically recover the domain control machine hash

PoC: ad-scanner

Active Directory scanner for MS17-010 MS14-068 CVE-2020-1472 etc...

PoC: zerologon

Set of scripts, to test and exploit the zerologon vulnerability (CVE-2020-1472).

PoC: CVE-2020-1472

Test tool for CVE-2020-1472

PoC: CVE-2020-1472

Fancy Zerologon Beta

PoC: ZeroLogon-Exploit

Modified the test PoC from Secura, CVE-2020-1472, to change the machine password to null

PoC: The_big_Zero

The following is the outcome of playing with CVE-2020-1472 and attempting to automate the process of gaining a shell on the DC

PoC: zerologon

Check for events that indicate non compatible devices -> CVE-2020-1472

PoC: CVE-2020-1472

CVE-2020-1472

PoC: CVE-2020-1472

CVE 2020-1472 Script de validación

PoC: CVE-2020-1472-Easy

A simple implementation/code smash of a bunch of other repos

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free