mirror of
https://github.com/cube0x0/CVE-2021-1675.git
synced 2024-12-22 10:46:32 +00:00
updated readme
Signed-off-by: cube0x0 <vidfelt@protonmail.com>
This commit is contained in:
parent
6c519f9c9c
commit
2f4b1def94
1 changed files with 26 additions and 1 deletions
27
README.md
27
README.md
|
@ -19,7 +19,7 @@ cd impacket
|
|||
python3 ./setup.py install
|
||||
```
|
||||
|
||||
#### CVE-2021-1675.py
|
||||
### CVE-2021-1675.py
|
||||
|
||||
```
|
||||
usage: CVE-2021-1675.py [-h] [-hashes LMHASH:NTHASH] [-target-ip ip address] [-port [destination port]] target share
|
||||
|
@ -84,3 +84,28 @@ REG ADD "HKLM\System\CurrentControlSet\Control\Lsa" /v RestrictAnonymous /t REG_
|
|||
# Reboot
|
||||
```
|
||||
|
||||
### Scanning
|
||||
|
||||
We can use `rpcdump.py` from impacket to scan for vulnerable hosts, if it returns a value, it's vulnerable
|
||||
|
||||
```
|
||||
rpcdump.py @192.168.1.10 | grep MS-RPRN
|
||||
|
||||
Protocol: [MS-RPRN]: Print System Remote Protocol
|
||||
```
|
||||
|
||||
### Mitigation
|
||||
|
||||
Disable Spooler service
|
||||
|
||||
```powershell
|
||||
Stop-Service Spooler
|
||||
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Spooler" /v "Start " /t REG_DWORD /d "4" /f
|
||||
```
|
||||
|
||||
Or Uninstall Print-Services
|
||||
|
||||
```powershell
|
||||
Uninstall-WindowsFeature Print-Services
|
||||
```
|
||||
|
||||
|
|
Loading…
Reference in a new issue