Coder Social home page Coder Social logo

cve-2020-1472's People

Contributors

dirkjanm avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

hansesecure virgilcj kaulanab milo2012 mpgn kazimer ustayready htkcodes alainw68 notmedic larimda shantanu561993 w4ter y1zl pyking likescam co0ontty techris45 jessefmoore raystyle th815 victor0013 blacktrace a11en4 majl potats0 xhbuming akpotter wang1921 ashr b0bac m-planck thx0701 kyokk amingolala fairyming ze0r weizn11 clavoillotte polinload fdlucifer takijoe test123test111 canhld94 ltvthang kali-tom ith4cker jermainlaforce 1captainnemo1 zshell angrypapa geefonline wang0098 marcdowie ducnp me009 ki11uaa guokers liupanxuexi jr69ss hw-yan samuelriesz unprovable puzzlepeaches lwzsoviet crackercat skysliently sjpi atorninja kali3426 j0bkeeper aixueyou h1d3r itzdan siddharthkumar02 will-777 makedangdang minkione rishi-7861 roguesupport-scott vrirus theologu perseverance-1 we88c0de orfeous th3xace 0x413x4 icepaule sukelluskello hackmycontrolsystem ferranespigares gr3yr0n1n crashish baroncrowley gkfnf peterg75 cyberxml bbghunter aaroncaiii dm168168

cve-2020-1472's Issues

No results running secretsdump.py

Hi!
First of all - thanks!
I have tried playing with the syntax after successfully running the exploit script but I'm unable to get any results from running secretsdump.py at the end

Is it something like this?
secretsdump.py -no-pass -just-dc <TARGET IP>

The output looks like this:

Impacket v0.9.22.dev1+20200915.115225.78e8c8e4 - Copyright 2020 SecureAuth Corporation

[*] Cleaning up...

Best regards,
Balackie

AttributeError: module 'impacket.dcerpc.v5.nrpc' has no attribute 'NetrServerPasswordSet2'

Performing authentication attempts...

Target vulnerable, changing account password to empty string
Traceback (most recent call last):
File "./cve-2020-1472-exploit.py", line 106, in
perform_attack('\\' + dc_name, dc_ip, dc_name)
File "./cve-2020-1472-exploit.py", line 84, in perform_attack
result = exploit(dc_handle, rpc_con, target_computer)
File "./cve-2020-1472-exploit.py", line 57, in exploit
request = nrpc.NetrServerPasswordSet2()
AttributeError: module 'impacket.dcerpc.v5.nrpc' has no attribute 'NetrServerPasswordSet2'

Error while restoring password

I get the following error and I'm not sure why:

impacket.dcerpc.v5.nrpc.DCERPCSessionError: NRPC SessionError: code: 0xc000018b - STATUS_NO_TRUST_SAM_ACCOUNT - The SAM database on the Windows Server does not have a computer account for this workstation trust relationship.

The command I'm running:

python3.7 restorepassword.py <NetBIOS name> -target-ip <IP> -hexpass <hexpass>

My OS: Linux
DC OS: Windows Server 2016

Restore Steps

Can you provide an example of how to use secretsdump.py to dump the plaintext machine password? I see that the restorepassword.py needs the hexpass, but I can not figure out how to get that.

Thanks

modify secretsdump.py to print hex values

The linked code is not working, the current releases didn't containing the reffered line.
Can you please post a working method to print the hex via secretsdump?
Thanks!

python37 attack fail

client: python37, windows 2008 R2, server: windows 2012 DC, encounter error: module 'impacket.dcerpc.v5.nrpc' has no attribute 'NetrServerPasswordSet2', this might have been caused by invalid arguments or network error。 how to resolve?

socket.gaierror: [Errno -2] Name or service not known

When running the restorepassword.py script I have this error socket.gaierror: [Errno -2] Name or service not known

⋊> ~/T/CVE-2020-1472 on master ⨯ python3 cve-2020-1472-exploit.py WIN-NP8JD7IHCC5 192.168.0.104                                                  10:12:29
Performing authentication attempts...
==========================================================================================================================
Target vulnerable, changing account password to empty string

Result: 0

Exploit complete!



⋊> ~/T/CVE-2020-1472 on master ⨯ python3 restorepassword.py poudlard.wizard/WIN-NP8JD7IHCC5@WIN-NP8JD7IHCC5 -hexpass xxxxxx
Impacket v0.9.22.dev1+20200914.162022.81d44893 - Copyright 2020 SecureAuth Corporation
 
Impacket v0.9.22.dev1+20200914.162022.81d44893 - Copyright 2020 SecureAuth Corporation

 

Traceback (most recent call last):
  File "restorepassword.py", line 150, in <module>
    action.dump(remoteName, options.target_ip)
  File "restorepassword.py", line 48, in dump
    stringbinding = epm.hept_map(remoteName, nrpc.MSRPC_UUID_NRPC, protocol = 'ncacn_ip_tcp')
  File "/usr/local/lib/python3.8/dist-packages/impacket/dcerpc/v5/epm.py", line 1256, in hept_map
    dce.connect()
  File "/usr/local/lib/python3.8/dist-packages/impacket/dcerpc/v5/rpcrt.py", line 801, in connect
    return self._transport.connect()
  File "/usr/local/lib/python3.8/dist-packages/impacket/dcerpc/v5/transport.py", line 342, in connect
    af, socktype, proto, canonname, sa = socket.getaddrinfo(self.getRemoteHost(), self.get_dport(), 0, socket.SOCK_STREAM)[0]
  File "/usr/lib/python3.8/socket.py", line 918, in getaddrinfo
    for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -2] Name or service not known

Does not work with python 2 and 3.5

I have installed the latest IMPACKET and also ran the python script i get the below error :

python cve-2020-1472-exploit.py ba.local 192.168.75.131
File "cve-2020-1472-exploit.py", line 16
print(msg, file=sys.stderr)

I can ping the DC :

root@kali:~/AD-cve/CVE-2020-1472# ping 192.168.75.131
PING 192.168.75.131 (192.168.75.131) 56(84) bytes of data.
64 bytes from 192.168.75.131: icmp_seq=1 ttl=128 time=0.584 ms
64 bytes from 192.168.75.131: icmp_seq=2 ttl=128 time=0.300 ms

Any idea ? Thank you in advance

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.