Skip to content

Invoke-ZeroLogon allows attackers to impersonate any computer, including the domain controller itself, and execute remote procedure calls on their behalf.

Notifications You must be signed in to change notification settings

BC-SECURITY/Invoke-ZeroLogon

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 

Repository files navigation

Invoke-ZeroLogon

This code was heavily adapted from the C# implementation by the NCC Group's Full Spectrum Attack Simulation team and the original CVE published by Secura. This script can be run in two modes:

  1. When the reset parameter is set to True, the script will attempt to reset the target computer’s password to the default NTLM hash (essentially an empty password).
  2. By default, reset is set to False and will simply scan if the target computer is vulnerable to the ZeroLogon exploit (CVE-2020-1472).

WARNING: Resetting the password of a Domain Controller is likely to break the network. DO NOT use the reset parameter against a production system unless you fully understand the risks and have explicit permission.

About

Invoke-ZeroLogon allows attackers to impersonate any computer, including the domain controller itself, and execute remote procedure calls on their behalf.

Resources

Stars

Watchers

Forks

Releases

No releases published

Sponsor this project

 

Packages

No packages published