Zerologon Exploiter is an Agent Plugin for Infection Monkey that exploits the Zerologon vulnerability (CVE-2020-1472) in Windows. The plugin uses this vulnerability to temporarily change the password of the domain controller, after which we can propagate to the target machine using any other exploiter.
Note: This is not a safe plugin to run in a production environment.
For more information, see the Zerologon Exploiter Plugin documentation.
To create the resulting Zerologon archive, follow these steps:
- Clone the Repository

      $ git clone https://github.com/guardicode/zerologon-exploiter.git
      $ cd zerologon-exploiter

- Install development dependencies

  This project uses Poetry for managing dependencies and virtual environments, and pre-commit for managing pre-commit hooks.

      $ pip install pre-commit poetry
      $ pre-commit install -t pre-commit
      $ poetry install

The test suite can be run with the following command:

    poetry run pytest

To build the plugin, run the Agent Plugin Builder:

    poetry run build_agent_plugin .

The build tool will create Zerologon-exploiter.tar, which can be installed in the Monkey Island.