|
|
@ -19,7 +19,7 @@ cd impacket |
|
|
|
python3 ./setup.py install |
|
|
|
python3 ./setup.py install |
|
|
|
``` |
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
#### CVE-2021-1675.py |
|
|
|
### CVE-2021-1675.py |
|
|
|
|
|
|
|
|
|
|
|
``` |
|
|
|
``` |
|
|
|
usage: CVE-2021-1675.py [-h] [-hashes LMHASH:NTHASH] [-target-ip ip address] [-port [destination port]] target share |
|
|
|
usage: CVE-2021-1675.py [-h] [-hashes LMHASH:NTHASH] [-target-ip ip address] [-port [destination port]] target share |
|
|
@ -84,3 +84,28 @@ REG ADD "HKLM\System\CurrentControlSet\Control\Lsa" /v RestrictAnonymous /t REG_ |
|
|
|
# Reboot |
|
|
|
# Reboot |
|
|
|
``` |
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
### Scanning |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
We can use `rpcdump.py` from impacket to scan for vulnerable hosts, if it returns a value, it's vulnerable |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
``` |
|
|
|
|
|
|
|
rpcdump.py @192.168.1.10 | grep MS-RPRN |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Protocol: [MS-RPRN]: Print System Remote Protocol |
|
|
|
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
### Mitigation |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Disable Spooler service |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
```powershell |
|
|
|
|
|
|
|
Stop-Service Spooler |
|
|
|
|
|
|
|
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Spooler" /v "Start " /t REG_DWORD /d "4" /f |
|
|
|
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Or Uninstall Print-Services |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
```powershell |
|
|
|
|
|
|
|
Uninstall-WindowsFeature Print-Services |
|
|
|
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
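Review bot: In the Mitigation block, the `REG ADD` line passes `/v "Start "` with a trailing space inside the quotes, so as written it would target a value named `Start ` rather than the Spooler service's `Start` value, and the service would not be set to disabled (4). After `Stop-Service Spooler` alone, the service can come back on the next boot. Suggest `/v Start` without the space, or `Set-Service -Name Spooler -StartupType Disabled`. In the Scanning section, "if it returns a value, it's vulnerable" overstates what the `rpcdump.py ... | grep MS-RPRN` check shows: a match only means the Print System Remote Protocol interface is exposed on the host, not that the host is unpatched. Rewording to "the spooler is reachable and the host may be vulnerable" would be more accurate.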