I hope you enjoyed this video! If so, please consider dropping a like and subscribing.
I really aspire to be like you Cyber Mentor. I hope to have a family and a good head on my shoulders like you, God Bless you sir!
my favorite mentor on youtube.
Thank you for all this, man 🔥 your content is super helpful ♥️🙌
It means that we can take over any domain controller that hasn't been patched for this exploit?
E.g.: can we take over the Forest machine from HTB with this exploit?
Yes, just tested it. It works
Thx a lot for the newest vulnerability review!!!
First video I'm seeing, didn't see the whole video, but liked anyway :)
I'm surprised that you still had this Hydra-DC virtual image that you set up in the penetration testing course. 😁
Great video 👍👍👍
Dope man, this is so lit
Please, how were you able to run impacket in the virtual environment @4:23?
you the best keep it up!
I bought your hacker bundle from your new TCM academy, really looking forward to learning together 😁
do not perform on production. this WILL destroy your system.
Going through your PEH right now. Christian at Intrinium told me I should buy in case you wanna give him a kick back 🤣🤣
So what's the solution for this?
Apply the MS patch from the Microsoft website (support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc#EnforcementMode ) and, if this is a Samba DC, apply the server channel config detailed on the Samba website (www.samba.org/samba/security/CVE-2020-1472.html )
If you want to detect whether you are vulnerable to this exploit, you can download a tool made by Cynet; you will find it at the end of this article:
www.anissecurity.com/news/zerologon-vulnerability/
Thanks bro, that's good!!! and easy to learn for beginners.
Awesome now I want to figure out how to counter this
The fact that this vulnerability is very simple but also very dangerous in the hands of people with bad intentions... Note: PATCH this on your stuff ASAP.
Where can I get an unpatched AD?
Amazing video! I know it's an old video but I am trying to create an assignment where students can try to use this exploit; it's for a penetration testing class. Would you know any way I can get my hands on a Windows Server 2019 ISO that's unpatched?
Is there any mitigation for this exploit?
I have one question: how do we identify that this vuln is present on the PC?
Could you please explain what Marvel was? And during the secrets dump you added -just-dc; what does that stand for?... BY THE BIG FAN AND LOVE FROM INDIA💯🤩❤️ HAPPY TO SEE YOUR VIDEOS . GURU 🙇
What is impacket used for? And how to use hashes with a view to getting access?
Does the attacker need to be sitting in the network to exploit this?
Nope
Yes, unless you are silly enough to have your Netlogon hanging on a public network.
How can I find the domain name of the target?
I feel like I should find a scanner to detect this if possible (too dumb to make one in enough time).
It would help a bit at work since I just spent who knows how long making sure my systems were patched.
I already automated this; if you need the python script, ping me.
@samudrasarma6555 can you send it to me please?
mr.root2203@gmail.com
There is a scanner script on GitHub, don't let random people on YouTube send you one lol
@dadquestionmark Yeah, I managed to find the one from Secura and as far as I can tell it looks clean, but I will run it against a test DC at home first and see what it does.
@911outrun Yep, that's the one. Alternatively you could use WMI, for example, to check remote systems for the patch.
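As an added example (not code from the video or from anyone in this thread), here is a PowerShell check a defender could run across domain controllers to see where they stand against the Netlogon enforcement mode described in the Microsoft article linked above. It assumes WinRM access to the DCs as an administrator, uses the FullSecureChannelProtection registry value and Netlogon event 5829 that Microsoft's KB4557222 article documents, and uses placeholder DC names and a placeholder KB number (the August 2020 Netlogon update has a different KB number per OS build, so look yours up):

```powershell
# Added example, not code from the video or from any commenter in this thread.
# For each DC, report (a) the Netlogon enforcement-mode registry value from the
# KB4557222 article, (b) recent event 5829 entries (a patched DC logging that it still
# allowed a vulnerable secure-channel connection), and (c) whether a given hotfix is
# listed via Get-HotFix, which reads Win32_QuickFixEngineering over WMI/CIM.
# Assumptions: WinRM is reachable and the caller is an admin on the DCs; the DC names
# and the KB number below are placeholders.

param(
    [string[]] $DomainControllers = @('DC01.example.local'),  # placeholder names
    [string]   $NetlogonPatchKb   = 'KB<PLACEHOLDER>',        # fill in the KB for your OS build
    [int]      $LookbackDays      = 7
)

$results = foreach ($dc in $DomainControllers) {
    Invoke-Command -ComputerName $dc -ArgumentList $LookbackDays, $NetlogonPatchKb -ScriptBlock {
        param([int] $days, [string] $kb)

        # The registry value is only honoured by patched DCs; an unpatched DC ignores it,
        # so "enforcement" here is meaningful only together with PatchListed = True.
        $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
        $prop = Get-ItemProperty -Path $regPath -Name FullSecureChannelProtection -ErrorAction SilentlyContinue
        $mode = 'not set (behaviour depends on installed patch level)'
        if ($null -ne $prop) {
            $mode = if ($prop.FullSecureChannelProtection -eq 1) { 'enforcement' } `
                    else { "vulnerable connections allowed (value $($prop.FullSecureChannelProtection))" }
        }

        # Event 5829 is written by a patched DC that accepted a vulnerable connection.
        # An unpatched DC never writes it, so zero events alone does not mean "safe".
        $filter = @{ LogName = 'System'; Id = 5829; StartTime = (Get-Date).AddDays(-$days) }
        $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

        # Hotfix presence via WMI/CIM (Win32_QuickFixEngineering).
        $patched = [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue)

        [pscustomobject]@{
            Computer       = $env:COMPUTERNAME
            NetlogonMode   = $mode
            Event5829Count = $events.Count
            PatchListed    = $patched
        }
    }
}

$results | Format-Table -AutoSize
```

Read the three columns together: a DC that is patched and in enforcement mode with no 5829 events is in the expected state; a patched DC with 5829 events has non-Windows or third-party devices still negotiating insecure secure channels, which is exactly what the Microsoft article's enforcement phase will start rejecting.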
Love from INDIA ❤️
I AM YOUR STUDENT AT UDEMY PRACTICAL ETHICAL HACKING ❤️
I'm very new to this field, that's why I'm asking so many doubts.. don't mind, bro 😁😅
Thank you for the share
How to find the vulnerability???
I'm currently in the middle of three engagements. I ran this on two of them; I can no longer resolve hosts and authentication is acting weird. Is there a restore feature like script.py -r? Debating on trying it on the last engagement and just calling it a night.
Thanks in advance.
Hey, I don't think you should have run it on an engagement. You should try and restore it immediately because it can leave it vulnerable if it was not patched.
Per the github instructions:
"And that should show you the original NT hash of the machine account. You can then re-install that original machine account hash to the domain by
python3 reinstall_original_pw.py DC_NETBIOS_NAME DC_IP_ADDR ORIG_NT_HASH
Reinstalling the original hash is necessary for the DC to continue to operate normally."
github.com/risksense/zerologon
wow
@gr4vedigg3r Whatever, they should have patched their servers. One of the companies called me this morning raging that their network wasn't working; it's not my fault. Two directors and the CEO got on a conference call and agreed with me that an attacker could have done the same thing.
Meh, they can restore from backups. I'll try again later tonight.
@SensitiveEvent Yeah, but I wouldn't recommend running scripts that hurt the client's network. If I wanted to run that script I'd call them up and tell them to make a backup and have someone ready to fix it up if it goes down ;)
Does this exploit require the target to be on the same network?
Does it work remotely with external IPs?
I did this exploitation, but it did not run correctly, please help me.
You should do a version using the print spooler vuln; it doesn't break the computer password!
More details please?
Is this tool allowed in OSCP exam?
Great 🔥
Which hash do I use if I want to run reinstall_original_pw.py?
Missed the 2018 Kali Linux
How do you run in a virtual env in Kali?
Is this safe to use on bug bounty targets? Or will set_empty_pw.py screw up their DC? Thanks
You won't find any public or private programs exposing their domain controller to the public.
Does this exploit only work on Windows Server 2012?
Can you explain how you ran the virtual environment? Thanks!
Here's some documentation on that: novicenolonger.com/safe-python-playing-with-virtualenv/
@Em-ef4vh Thanks, will try it out!
Sir, how to insert a name in any website at a particular place by hacking? Which tools, methods etc. are used for that?
Hack everything with Inspect Element
TCM
Hi sir... back with the Zerologon vulnerability.... it was just short & wealthy, more to get.... superb
it doesn't work
😵😵
Cuz the domain controller was patched.
Nice
Sir, how to download the old GNOME environment on Kali Linux 2020?
Your YouTube fans are waiting for new content
Is this not new content?
@TCMSecurityAcademy 👌😂
TryHackMe also created a room for this specific CVE
Superb education and awareness tips. Please throw more light on how you installed impacket, because the secretsdump.py command is not found on my Kali 2020.3.
I was only able to install impacket 0.9.21; please help out on how you installed 0.9.22.
Did you manage to get impacket 0.9.22? If so, how?
Heyy...
First
first!