ZeroLogon Detection Script
Product Name: ZeroLogon Detection Script
Description: This script uses zeroLogon.exe to test whether the local machine is vulnerable to the ZeroLogon exploit.
Details of zeroLogon.exe can be found here - https://docs.google.com/document/d/1FDUpTPYCwesGU-9YMV-ta4A6LjwTohMIzv5Kgbx4Pmc/edit?usp=sharing
This script uses Kaseya to retrieve the details of the local machine (the NetBIOS name and IP address) and passes these to zeroLogon.exe.
The script will check that the osType is Windows Server 20?? and will only run on these machines.
This does not guarantee that they are suitable targets (AD Controllers).
zeroLogon.exe then runs, the SUCCESS or FAILURE result is captured, and an email is sent with the result.
NB. Line 1 of the procedure contains the target email address - please change this to an appropriate address for your organisation.
The result is also written to the script log for the agent for reporting purposes.
Special thanks to Secura (https://www.secura.com/)
zeroLogon.exe is a compiled version of their script, downloaded from here - https://github.com/SecuraBV/CVE-2020-1472/
Secura's blog explains the exploit - https://www.secura.com/blog/zero-logon
1. Extract the XML and exe from the attached zip
2. Put zeroLogon.exe in X:\Kaseya\WebPages\ManagedFiles\VSaSharedFiles
3. Import the XML
You can now run this on any Windows Domain Controller, and check the Procedure Logs or your email for the results.
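
The osType check described above matches any Windows Server 20?? machine, not only domain controllers. The PowerShell pre-flight check below is an added example, not part of the original procedure or of Secura's code. It confirms the domain controller role and collects the NetBIOS name and IPv4 address that the procedure passes on. The function name Get-DcPreflight is hypothetical, and PowerShell 3.0 or later is assumed for Get-CimInstance.

```powershell
# Added example (not from the original procedure): confirm the local machine
# really is a domain controller before the ZeroLogon test is run against it.
# Get-DcPreflight is a hypothetical helper name.
function Get-DcPreflight {
    [CmdletBinding()]
    param()

    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # Win32_ComputerSystem.DomainRole:    4 = backup DC, 5 = primary DC
    # Win32_OperatingSystem.ProductType:  1 = workstation, 2 = DC, 3 = member server
    $isDc = ($cs.DomainRole -in 4, 5) -and ($os.ProductType -eq 2)

    # IPv4 addresses of IP-enabled adapters, skipping IPv6 and APIPA (169.254.x.x)
    $ipv4 = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object { $_.IPAddress } |
        Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' -and $_ -notlike '169.254.*' }

    [pscustomobject]@{
        NetBiosName        = $env:COMPUTERNAME   # NetBIOS name of the local machine
        OsCaption          = $os.Caption
        DomainRole         = $cs.DomainRole
        IsDomainController = $isDc
        IPv4Address        = @($ipv4)
    }
}

$check = Get-DcPreflight

if (-not $check.IsDomainController) {
    # A member server passes the "Windows Server 20??" check but is not a valid test subject
    Write-Output ("SKIP: {0} ({1}) is not a domain controller (DomainRole={2})" -f `
        $check.NetBiosName, $check.OsCaption, $check.DomainRole)
}
elseif ($check.IPv4Address.Count -eq 0) {
    Write-Output ("SKIP: {0} has no usable IPv4 address" -f $check.NetBiosName)
}
else {
    # These two values are what the procedure hands to zeroLogon.exe
    Write-Output ("OK: domain controller {0} at {1}" -f `
        $check.NetBiosName, $check.IPv4Address[0])
}
```

Writing the SKIP or OK line to the agent's script log keeps member servers from being recorded as tested.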