In September 2020, the whitepaper for the CVE-2020-1472 vulnerability and the Zerologon testing script were released.
This post is a step-by-step procedure for using a specific exploit released by dirkjanm on GitHub and for restoring the changes it makes, so that the Domain Controller keeps working normally after the exploit has been run.
During a red team engagement there are several choices for lateral movement, whether you have credentials or hashes. Each choice has different configuration requirements in order to work, and each leaves different fingerprints on the remote machine.
This post is about summarizing some of these lateral movement techniques based on SMB and checking the differences between them.
In a later post I'll try to summarize more lateral movement techniques, such as WinRM, WMI, PSRemote and RDP Hijacking, and their alternatives with C# tools.