Local Privilege Escalation Edition for CVE-2021-1675/CVE-2021-34527

Local Privilege Escalation implementation of CVE-2021-1675/CVE-2021-34527 (a.k.a. PrintNightmare). The exploit is adapted from the one published by Zhiniang Peng (@edwardzpeng) & Xuefeng Li (@lxf02942370).

Open the project in MSVC and compile it in x64 Release mode. The exploit automatically locates UNIDRV.DLL, so no changes to the code are required.

Usage

When executing the exploit, pass the path of the payload DLL as the first argument. That's it.

CVE-2021-1675-LPE.exe PAYLOAD_DLL_PATH

Exploit has been tested on the fully updated Windows Server 2019 Standard.

[Screenshot: CVE-2021-1675 - Local Privilege Escalation]

Cobalt Strike

For the Reflective DLL version only, change the DLL path at line 111 of main.cpp and then compile the project. Load lpe_cve_2021_1675.cna and use the lpe_cve_2021_1675 command to execute the Reflective DLL.

[Screenshot: CVE-2021-1675 - Local Privilege Escalation]

Mitigation

Disable Spooler service

Stop-Service Spooler
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Spooler" /v Start /t REG_DWORD /d 4 /f

Or uninstall the Print-Services feature

Uninstall-WindowsFeature Print-Services
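The following PowerShell script is an added example (not part of this repository) that audits the Spooler service state on the local host and, when run elevated with -Remediate, applies the same mitigation as above (stop the service, set Start=4) and verifies that it took effect. The function name Get-SpoolerState and the -Remediate switch are this example's own.

```powershell
# Added example: audit and, optionally, remediate the Print Spooler.
# Start value in the registry: 2 = Automatic, 3 = Manual, 4 = Disabled.
param(
    [switch]$Remediate
)

$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Spooler'

function Get-SpoolerState {
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if (-not $svc) { return $null }   # not installed (e.g. Print-Services removed)
    $start = (Get-ItemProperty -Path $regPath -Name Start).Start
    [pscustomobject]@{
        Status    = $svc.Status
        StartType = $start
        # Mitigated only if the service is both stopped now and will not start on boot.
        Mitigated = ($svc.Status -eq 'Stopped' -and $start -eq 4)
    }
}

$before = Get-SpoolerState
if ($null -eq $before) {
    Write-Output 'Spooler service not present; nothing to do.'
    return
}
Write-Output ("Before: Status={0} Start={1} Mitigated={2}" -f `
    $before.Status, $before.StartType, $before.Mitigated)

if ($Remediate -and -not $before.Mitigated) {
    Stop-Service -Name Spooler -Force
    # Equivalent to: REG ADD ...\Spooler /v Start /t REG_DWORD /d 4 /f
    Set-ItemProperty -Path $regPath -Name Start -Value 4 -Type DWord

    $after = Get-SpoolerState
    Write-Output ("After:  Status={0} Start={1} Mitigated={2}" -f `
        $after.Status, $after.StartType, $after.Mitigated)
    if (-not $after.Mitigated) {
        Write-Error 'Mitigation did not apply; run from an elevated session.'
    }
}
```

Run it without -Remediate on a fleet first to find hosts where the Spooler is still enabled; on print servers the Print-Services feature is needed and the mitigation above does not apply.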

References

  • https://github.com/afwu/PrintNightmare
  • https://twitter.com/hackerfantastic/status/1410069557398679552
  • https://twitter.com/0gtweet/status/1410150462842544130