Zerologon

Zerologon (CVE-2020-1472) should only be exploited if you are aware of the consequences. Exploitation changes the domain controller's machine account password, and domain replication will break unless the password is restored to its original value.
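
For the defensive side of the password change described above, this added example (not part of the original notes or of any tool referenced here) scans exported Security events for event ID 4742 where a domain controller's machine account password was set by ANONYMOUS LOGON. It assumes events were exported as one JSON object per line with the EventData fields flattened; the function name, field layout and sample records are constructed for illustration.

```python
import json

ANONYMOUS_SID = "S-1-5-7"  # well-known SID of ANONYMOUS LOGON

# Constructed sample records (not real logs): one JSON object per line.
SAMPLE_LOG = """\
{"EventID": 4742, "TimeCreated": "2020-09-20T10:01:12Z", "TargetUserName": "DC01$", "SubjectUserSid": "S-1-5-7", "PasswordLastSet": "9/20/2020 10:01:12 AM"}
{"EventID": 4742, "TimeCreated": "2020-09-20T11:30:00Z", "TargetUserName": "DC01$", "SubjectUserSid": "S-1-5-21-1111111111-2222222222-3333333333-1001", "PasswordLastSet": "9/20/2020 11:30:00 AM"}
{"EventID": 4742, "TimeCreated": "2020-09-20T12:00:00Z", "TargetUserName": "WS042$", "SubjectUserSid": "S-1-5-7", "PasswordLastSet": "9/20/2020 12:00:00 PM"}
{"EventID": 4742, "TimeCreated": "2020-09-20T12:05:00Z", "TargetUserName": "dc01$", "SubjectUserSid": "S-1-5-7", "PasswordLastSet": "-"}
{"EventID": 4624, "TimeCreated": "2020-09-20T12:06:00Z", "TargetUserName": "DC01$", "SubjectUserSid": "S-1-5-7"}
truncated or non-JSON line
"""


def find_suspect_resets(lines, dc_accounts):
    """Return (time, account) for DC machine passwords set by ANONYMOUS LOGON.

    dc_accounts is the analyst-supplied list of DC machine accounts
    (sAMAccountName with trailing '$'); matching is case-insensitive.
    """
    dcs = {name.upper() for name in dc_accounts}
    hits = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or damaged export lines
        if not isinstance(ev, dict) or ev.get("EventID") != 4742:
            continue  # only "a computer account was changed"
        target = str(ev.get("TargetUserName", "")).upper()
        anonymous = ev.get("SubjectUserSid") == ANONYMOUS_SID
        # "-" means the password attribute was not touched by this change
        pw_changed = ev.get("PasswordLastSet", "-") not in ("-", "")
        if target in dcs and anonymous and pw_changed:
            hits.append((ev.get("TimeCreated"), target))
    return hits


if __name__ == "__main__":
    for when, account in find_suspect_resets(SAMPLE_LOG.splitlines(), ["DC01$"]):
        print(f"{when} password of {account} set by ANONYMOUS LOGON")
```

Hits are triage leads rather than proof, and the DC account list has to come from your own inventory.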

Checking for Zerologon

# Checking exploitability with CrackMapExec
crackmapexec smb $ip -u $username -p $password -M zerologon

# Checking exploitability with Metasploit
use auxiliary/admin/dcerpc/cve_2020_1472_zerologon
set rhosts $ip
check

# Checking exploitability with the Secura tester: https://github.com/SecuraBV/CVE-2020-1472
./zerologon_tester.py $dcnetbiosname $ip

Exploiting Zerologon

{% embed url="https://github.com/dirkjanm/CVE-2020-1472" %}

References

{% embed url="https://www.crowdstrike.com/blog/cve-2020-1472-zerologon-security-advisory/" %}

{% embed url="https://www.sprocketsecurity.com/resources/how-to-exploit-zerologon" %}