GitHub - hlldz/CVE-2021-1675-LPE: Local Privilege Escalation Edition for CVE-202...
source link: https://github.com/hlldz/CVE-2021-1675-LPE
Local Privilege Escalation Edition of CVE-2021-1675
Local Privilege Escalation implementation of CVE-2021-1675 (a.k.a. PrintNightmare). The exploit is edited from the one published by Zhiniang Peng (@edwardzpeng) & Xuefeng Li (@lxf02942370).
Open the project on MSVC and compile with x64 Release mode. Exploit automatically finds UNIDRV.DLL, no changes are required in the code.
Usage
When executing the exploit, you need to pass the DLL path as the first argument to the exploit. That's it and go!
CVE-2021-1675-LPE.exe PAYLOAD_DLL_PATH
Exploit has been tested on the fully updated Windows Server 2019 Standard.
Cobalt Strike
For the Reflective DLL version only, you have to change the DLL path at line 111 in the main.cpp file and then compile the project. Load lpe_cve_2021_1675.cna and use the lpe_cve_2021_1675 command to execute the Reflective DLL.
Mitigation
Disable Spooler service
Stop-Service Spooler
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Spooler" /v "Start" /t REG_DWORD /d "4" /f
Or Uninstall Print-Services
Uninstall-WindowsFeature Print-Services
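To verify that the mitigation above actually took effect (a stopped service with an Automatic start type comes back on reboot), here is an added audit script that is not part of the hlldz repository. It reads the same Spooler service state and Start registry value the commands above modify, reports whether the host is mitigated, and with -Apply enforces it; the Get-SpoolerState function name and the Mitigated field are this example's own names.

```powershell
# Added example (not project code): audit, and optionally apply, the Spooler mitigation.
# Run from an elevated PowerShell session.
param([switch]$Apply)

$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Spooler'

function Get-SpoolerState {
    $svc   = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    # Start value meaning: 2 = Automatic, 3 = Manual, 4 = Disabled
    $start = (Get-ItemProperty -Path $regPath -Name Start -ErrorAction SilentlyContinue).Start
    # Print-Services role query only exists on Windows Server (ServerManager module)
    $role = $null
    if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
        $role = (Get-WindowsFeature -Name Print-Services -ErrorAction SilentlyContinue).Installed
    }
    [pscustomobject]@{
        ServicePresent   = [bool]$svc
        Status           = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
        StartValue       = $start
        PrintRoleInstalled = $role
        # Mitigated only when the service is gone, or stopped AND disabled (survives reboot)
        Mitigated        = (-not $svc) -or ($svc.Status -eq 'Stopped' -and $start -eq 4)
    }
}

$before = Get-SpoolerState
Write-Host 'Spooler state before:'
$before | Format-List

if ($Apply -and -not $before.Mitigated) {
    Stop-Service -Name Spooler -Force -ErrorAction Stop
    # Same effect as the REG ADD above; the value name is exactly 'Start', no trailing space
    Set-ItemProperty -Path $regPath -Name Start -Type DWord -Value 4
    $after = Get-SpoolerState
    if (-not $after.Mitigated) { throw 'Spooler is still enabled after applying the mitigation' }
    Write-Host 'Spooler state after:'
    $after | Format-List
}
```

Run it without -Apply from a scheduled job to detect hosts where the service was re-enabled (for example by a feature re-install or a script setting Start back to 2).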
References