mirror of
https://github.com/cube0x0/CVE-2021-1675.git
synced 2024-12-22 10:46:32 +00:00
Update README.md
parent
640d1984cd
commit
d2e96c1dc7
1 changed files with 12 additions and 5 deletions
17
README.md
|
@ -8,6 +8,16 @@ Execute malicious DLL's remote or locally
|
||||||
|
|
||||||
![](Images/poc2.png)
|
![](Images/poc2.png)
|
||||||
|
|
||||||
|
### Patch update
|
||||||
|
Microsoft has released a patch to mitigate against these attacks but if these values below are present on a machine, then the machine will still be vulnerable
|
||||||
|
```
|
||||||
|
REG QUERY "HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint"
|
||||||
|
|
||||||
|
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint
|
||||||
|
RestrictDriverInstallationToAdministrators REG_DWORD 0x0
|
||||||
|
NoWarningNoElevationOnInstall REG_DWORD 0x1
|
||||||
|
```
|
||||||
|
|
||||||
### Installation
|
### Installation
|
||||||
|
|
||||||
Before running the exploit you need to install my version of Impacket and after that you're gucci
|
Before running the exploit you need to install my version of Impacket and after that you're gucci
|
||||||
|
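Review bot: The new "Patch update" paragraph says a machine is still vulnerable "if these values below are present" but does not say whether either value alone or both together make up the condition, and it gives no pointer to what the values should be set to instead. State the condition explicitly and put the remediation next to the query so a reader who finds `RestrictDriverInstallationToAdministrators REG_DWORD 0x0` or `NoWarningNoElevationOnInstall REG_DWORD 0x1` knows what to change. The added fence also mixes the `REG QUERY` command with its sample output and carries no language tag, unlike the `bash` and `powershell` fences elsewhere in the file; separating command from output would make it clear which part is typed and which part is the result to look for.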
@ -89,8 +99,9 @@ REG ADD "HKLM\System\CurrentControlSet\Control\Lsa" /v RestrictAnonymous /t REG_
|
||||||
We can use `rpcdump.py` from impacket to scan for potential vulnerable hosts, if it returns a value, it could be vulnerable
|
We can use `rpcdump.py` from impacket to scan for potential vulnerable hosts, if it returns a value, it could be vulnerable
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
rpcdump.py @192.168.1.10 | grep MS-RPRN
|
rpcdump.py @192.168.1.10 | egrep 'MS-RPRN|MS-PAR'
|
||||||
|
|
||||||
|
Protocol: [MS-PAR]: Print System Asynchronous Remote Protocol
|
||||||
Protocol: [MS-RPRN]: Print System Remote Protocol
|
Protocol: [MS-RPRN]: Print System Remote Protocol
|
||||||
```
|
```
|
||||||
|
|
||||||
|
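Review bot: The sentence above the fence still reads "if it returns a value, it could be vulnerable" although the filter now matches two protocols, MS-RPRN and MS-PAR; add a line saying why MS-PAR is included and that either match counts. It is also worth noting in the text that a match only shows the print interfaces are reachable and says nothing about the Point and Print registry values described in the "Patch update" section. As a style point, `grep -E 'MS-RPRN|MS-PAR'` is the portable spelling of the `egrep` call.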
@ -103,9 +114,5 @@ Stop-Service Spooler
|
||||||
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Spooler" /v "Start" /t REG_DWORD /d "4" /f
|
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Spooler" /v "Start" /t REG_DWORD /d "4" /f
|
||||||
```
|
```
|
||||||
|
|
||||||
Or Uninstall Print-Services
|
|
||||||
|
|
||||||
```powershell
|
|
||||||
Uninstall-WindowsFeature Print-Services
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
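Review bot: The "Or Uninstall Print-Services" alternative and its `Uninstall-WindowsFeature Print-Services` block are dropped at the end of the mitigation section with no reason given, and the commit message ("Update README.md") does not explain it either. If the option was removed because it is not an effective mitigation, say so in the README so readers who already applied it know to also disable the Spooler service as shown in the remaining `REG ADD ... /v "Start" /t REG_DWORD /d "4" /f` step; if it is still valid, keep it.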