1
0
Fork 0
mirror of https://github.com/cube0x0/CVE-2021-1675.git synced 2024-12-22 10:46:32 +00:00

updated readme

Signed-off-by: cube0x0 <vidfelt@protonmail.com>
This commit is contained in:
cube0x0 2021-06-30 13:05:18 +02:00
parent 6c519f9c9c
commit 2f4b1def94

View file

@ -19,7 +19,7 @@ cd impacket
python3 ./setup.py install python3 ./setup.py install
``` ```
#### CVE-2021-1675.py ### CVE-2021-1675.py
``` ```
usage: CVE-2021-1675.py [-h] [-hashes LMHASH:NTHASH] [-target-ip ip address] [-port [destination port]] target share usage: CVE-2021-1675.py [-h] [-hashes LMHASH:NTHASH] [-target-ip ip address] [-port [destination port]] target share
@ -84,3 +84,28 @@ REG ADD "HKLM\System\CurrentControlSet\Control\Lsa" /v RestrictAnonymous /t REG_
# Reboot # Reboot
``` ```
### Scanning
We can use `rpcdump.py` from impacket to scan for vulnerable hosts, if it returns a value, it's vulnerable
```
rpcdump.py @192.168.1.10 | grep MS-RPRN
Protocol: [MS-RPRN]: Print System Remote Protocol
```
### Mitigation
Disable Spooler service
```powershell
Stop-Service Spooler
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Spooler" /v "Start " /t REG_DWORD /d "4" /f
```
Or Uninstall Print-Services
```powershell
Uninstall-WindowsFeature Print-Services
```