https://github.com/hlldz/CVE-2021-1675-LPE

Local Privilege Escalation Edition for CVE-2021-1675/CVE-2021-34527
cobaltstrike cve-2021-1675 cve-2021-34527 exploit lpe printnightmare reflectivedll windows

# Local Privilege Escalation Edition of CVE-2021-1675/CVE-2021-34527

Local Privilege Escalation implementation of CVE-2021-1675/CVE-2021-34527 (a.k.a. PrintNightmare). The exploit is adapted from the one published by Zhiniang Peng (@edwardzpeng) & Xuefeng Li (@lxf02942370).

Open the project in MSVC and compile in x64 Release mode. The exploit finds UNIDRV.DLL automatically, so no changes are required in the code.

## Usage

When executing the exploit, pass the DLL path as the first argument. That's it.

```
CVE-2021-1675-LPE.exe PAYLOAD_DLL_PATH
```

The exploit has been tested on a fully updated Windows Server 2019 Standard.

## Cobalt Strike

For the Reflective DLL version only, you have to change the DLL path at line 111 in the main.cpp file and then compile the project. Load lpe_cve_2021_1675.cna and use the lpe_cve_2021_1675 command to execute the Reflective DLL.

## Mitigation

Disable the Spooler service:

```powershell
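# Stop the running service (affects the current boot only)
Stop-Service Spooler
# Persist the change: Start = 4 means Disabled. The value name must be exactly "Start".
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Spooler" /v "Start" /t REG_DWORD /d "4" /f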
```

Or uninstall Print-Services:

```powershell
Uninstall-WindowsFeature Print-Services
```
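
To confirm that either mitigation above actually took effect on a host, the following check can be run afterwards. It is an added example, not part of the original repository; the function name `Test-SpoolerMitigation` and the output field names are assumptions made for illustration.

```powershell
# Added example: audit the Spooler mitigations on the local host.
# Test-SpoolerMitigation and its output fields are hypothetical names.
$SpoolerKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Spooler'

function Test-SpoolerMitigation {
    # Runtime state: Stop-Service alone does not survive a reboot.
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $status = if ($svc) { [string]$svc.Status } else { 'NotPresent' }

    # Persistent state: the service's Start value must be 4 (Disabled).
    $start = $null
    $stray = @()
    if (Test-Path $SpoolerKey) {
        $start = (Get-ItemProperty -Path $SpoolerKey -Name Start `
                    -ErrorAction SilentlyContinue).Start

        # A value name that differs from "Start" only by whitespace is a
        # separate registry value and leaves the service enabled.
        $stray = @((Get-Item -Path $SpoolerKey).GetValueNames() |
            Where-Object { $_ -cne 'Start' -and $_.Trim() -eq 'Start' })
    }

    # Print-Services role: Get-WindowsFeature exists on Server SKUs only.
    $role = $null
    if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
        $role = (Get-WindowsFeature -Name Print-Services).Installed
    }

    [pscustomobject]@{
        ServiceStatus         = $status
        StartValue            = $start
        StrayStartValueNames  = $stray
        PrintServicesInstalled = $role
        # Mitigated: service absent, or stopped and disabled at boot.
        Mitigated = ($status -eq 'NotPresent') -or
                    ($status -eq 'Stopped' -and $start -eq 4)
    }
}

Test-SpoolerMitigation | Format-List
```

A result with `ServiceStatus` of `Stopped` but a `StartValue` other than 4 means the service will start again at the next boot.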

## References
* https://github.com/afwu/PrintNightmare
* https://twitter.com/hackerfantastic/status/1410069557398679552
* https://twitter.com/0gtweet/status/1410150462842544130