mirror of
https://github.com/cube0x0/CVE-2021-1675.git
synced 2024-12-22 02:36:33 +00:00
Update README.md
This commit is contained in:
parent
640d1984cd
commit
d2e96c1dc7
1 changed files with 12 additions and 5 deletions
17
README.md
@ -8,6 +8,16 @@ Execute malicious DLL's remote or locally
![](Images/poc2.png)
### Patch update
Microsoft has released a patch to mitigate against these attacks but if these values below are present on a machine, then the machine will still be vulnerable
```
REG QUERY "HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint"
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint
RestrictDriverInstallationToAdministrators REG_DWORD 0x0
NoWarningNoElevationOnInstall REG_DWORD 0x1
```
### Installation
Before running the exploit you need to install my version of Impacket and after that you're gucci
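Review bot: the condition in the new "Patch update" sentence is underspecified: what leaves a patched machine exploitable is the combination shown in the block, `RestrictDriverInstallationToAdministrators` at `0x0` together with `NoWarningNoElevationOnInstall` at `0x1`, not merely the presence of the `PointAndPrint` key, so "if these values below are present" should read along the lines of "if Point and Print is configured with these two values, the machine is still exploitable; set `RestrictDriverInstallationToAdministrators` to `1` (Microsoft's documented hardening) to close it". Also tag the fence with a language like the later blocks do (` ```bash`, ` ```powershell`), e.g. ` ```cmd`, so the `REG QUERY` output renders consistently.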
@ -89,8 +99,9 @@ REG ADD "HKLM\System\CurrentControlSet\Control\Lsa" /v RestrictAnonymous /t REG_
We can use `rpcdump.py` from impacket to scan for potential vulnerable hosts, if it returns a value, it could be vulnerable
```bash
rpcdump.py @192.168.1.10 | grep MS-RPRN
rpcdump.py @192.168.1.10 | egrep 'MS-RPRN|MS-PAR'
Protocol: [MS-PAR]: Print System Asynchronous Remote Protocol
Protocol: [MS-RPRN]: Print System Remote Protocol
```
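Review bot: "if it returns a value, it could be vulnerable" overstates what `rpcdump.py` shows: a listing of `[MS-RPRN]` or `[MS-PAR]` only means the host exposes the Print Spooler RPC interfaces over the network, and a fully patched host with `RestrictDriverInstallationToAdministrators` enforced lists exactly the same endpoints, so the sentence should call such hosts candidates for the registry check in the "Patch update" section rather than "vulnerable". Minor: `egrep` is deprecated in current GNU grep; `rpcdump.py @192.168.1.10 | grep -E 'MS-RPRN|MS-PAR'` is the portable spelling.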
@ -103,9 +114,5 @@ Stop-Service Spooler
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Spooler" /v "Start" /t REG_DWORD /d "4" /f
```
Or Uninstall Print-Services
```powershell
Uninstall-WindowsFeature Print-Services
```
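Review bot: `Uninstall-WindowsFeature Print-Services` only exists on Windows Server (it is a ServerManager cmdlet), so "Or Uninstall Print-Services" should say it is a server-only alternative; on client editions the `Stop-Service Spooler` plus disabled start type shown above is the option. The `REG ADD ... /v "Start" /t REG_DWORD /d "4"` line works, but since the block is already PowerShell, `Set-Service -Name Spooler -StartupType Disabled` does the same thing in one cmdlet and keeps the section in one language.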