evilashz/CVE-2021-1675-LPE-EXP

CVE-2021-1675-LPE-EXP

Simple LPE Exploit of CVE-2021-1675

Usage

CVE-2021-1675-LPE.exe C:\test\MyPigDLL.dll

MyPigDLL.dll is a test DLL which will create C:\test.txt if the exploit succeeds.

Notice

  1. Added EnumPrinterDriversW to get pDriverPath, so we don't need to change the hardcoded driver path every time.
  2. There is no need to work with RPC or SMB; this exploit just directly loads the DLL which you provide.
  3. The pDriverPath on Windows Server 2008 is:
info.pDriverPath = (LPWSTR)L"C:\\Windows\\System32\\DriverStore\\FileRepository\\ntprint.inf_amd64_neutral_4616c3de1949be6d\\Amd64\\UNIDRV.DLL";

I can't get this path via EnumPrinterDriversW, so change info.pDriverPath in the source code if you want to test this exploit on Windows Server 2008.


In some situations it also has some bugs... please debug with the rough source code : )

Tested successfully on:

Microsoft Windows Server 2012 R2 Datacenter [Version 6.3.9600]
Microsoft Windows 10 Pro [Version 10.0.19041.685]
Microsoft Windows Server 2008 R2 Enterprise [Version 6.1.7601]