Requirements
- domain user
- unpatched server (prior to 2019 and without backported update)
PrintNightmare was a CVE that allowed any authenticated user to remotely install a printer driver via the print spooler service, which is enabled by default; against a DC this could be used to escalate privileges to domain administrator. This vulnerability was fixed in 2021.
To exploit, use msfvenom to generate a reverse shell DLL. Use smbserver.py (impacket) to host the DLL (make sure to pass the -smb2support flag).
Use the script below to exploit (username and password required; see the example in the repository): GitHub - cube0x0/CVE-2021-1675: C# and Impacket implementation of PrintNightm…