Requires the latest impacket from GitHub with added netlogon structures.
Do note that by default this changes the password of the domain controller account. Yes this allows you to DCSync, but it also breaks communication with other domain controllers, so be careful with this!
Link to the original research https://www.secura.com/blog/zero-logon)
Only works on Python 3.6 and newer! If your OS comes installed with impacket (such as Kali), make sure to remove all existing installations first. If you still get import errors after this, run it from a virtualenv or pipenv.
- Read the blog/whitepaper above so you know what you're doing
- Run
cve-2020-1472-full-exploit.pywith IP and netbios name of DC - DCSync with secretsdump, using
-just-dcand-no-passor empty hashes and theDCHOSTNAME$account