关联漏洞
标题:
Microsoft Windows Netlogon 安全特征问题漏洞
(CVE-2020-1472)
描述:Microsoft Windows Netlogon是美国微软(Microsoft)公司的Windows的一个重要组件,主要功能是用户和机器在域内网络上的认证,以及复制数据库以进行域控备份,同时还用于维护域成员与域之间、域与域控之间、域DC与跨域DC之间的关系。 Microsoft Windows Netlogon 存在安全漏洞。攻击者可以使用 Netlogon 远程协议 (MS-NRPC) 建立与域控制器的易受攻击的 Netlogon 安全通道连接并进行特权提升。
描述
Simulation of the Zerologon (CVE-2020-1472) vulnerability attack in Active Directory on Windows Server 2016 and the use of the Trend Micro Deep Security solution to prevent such attacks.
介绍
# Simulating-and-preventing-Zerologon-CVE-2020-1472-vulnerability-attacks.
Simulation of the Zerologon (CVE-2020-1472) vulnerability attack in Active Directory on Windows Server 2016 and the use of the Trend Micro Deep Security solution to prevent such attacks.
The Zerologon vulnerability is a weakness in the Netlogon protocol that can be exploited without requiring a password, allowing attackers to easily take control of the Domain Controller in the Active Directory system.
# Tools
- VMware Workstation
- Windows Server 2016
- Active Directory
- Kali Linux
- Docker
- Zerologon (CVE-2020-1472) : In this attack simulation Checker & Exploit Code for CVE-2020-1472 aka Zerologon was used from https://github.com/VoidSec/CVE-2020-1472?tab=readme-ov-file.
- Python
- Trend Micro Deep Security
# Operating Results
- Report : [Preventing-Zerologon_TrendMicroDeepSecurity.pdf](https://github.com/user-attachments/files/19119536/Preventing-Zerologon_TrendMicroDeepSecurity.pdf)
- Presentation : https://www.canva.com/design/DAGgprAk-7w/AHZBOGVKFCevhfDvBI9Ehg/edit?utm_content=DAGgprAk-7w&utm_campaign=designshare&utm_medium=link2&utm_source=sharebutton
文件快照
[4.0K] /data/pocs/6e403a2ac5671164c4364482ab4fcd53d0bbe357
└── [1.1K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。