Skip to content
This repository has been archived by the owner on Jan 18, 2024. It is now read-only.
/ CVE-2021-1675-LPE Public archive

Local Privilege Escalation Edition for CVE-2021-1675/CVE-2021-34527

Notifications You must be signed in to change notification settings

hlldz/CVE-2021-1675-LPE

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Local Privilege Escalation Edition of CVE-2021-1675/CVE-2021-34527

Local Privilege Escalation implementation of the CVE-2021-1675/CVE-2021-34527 (a.k.a PrintNightmare). The exploit is edited from published by Zhiniang Peng (@edwardzpeng) & Xuefeng Li (@lxf02942370).

Open the project on MSVC and compile with x64 Release mode. Exploit automatically finds UNIDRV.DLL, no changes are required in the code.

Usage

When executing the exploit, you need to DLL path as the first argument to the exploit. That's it and go!

CVE-2021-1675-LPE.exe PAYLOAD_DLL_PATH

Exploit has been tested on the fully updated Windows Server 2019 Standard.

CVE-2021-1675 - Local Privilege Escalation

Cobalt Strike

For Reflective DLL version only, you have to change the DLL path at line 111 in main.cpp file and then compile the project. Load lpe_cve_2021_1675.cna and use lpe_cve_2021_1675 command for execution of Reflective DLL.

CVE-2021-1675 - Local Privilege Escalation

Mitigation

Disable Spooler service

Stop-Service Spooler
REG ADD  "HKLM\SYSTEM\CurrentControlSet\Services\Spooler"  /v "Start " /t REG_DWORD /d "4" /f

Or Uninstall Print-Services

Uninstall-WindowsFeature Print-Services

References

Releases

No releases published

Packages

No packages published