PrintNightmare, Local Privilege Escalation of CVE-2021-1675 or CVE-2021-34527

Overview

CVE-2021-1675-LPE-EXP

Simple LPE Exploit of CVE-2021-1675

Usage

CVE-2021-1675-LPE.exe C:\test\MyPigDLL.dll

MyPigDLL.dll is a test DLL which will create C:\test.txt if the exploit succeeds

Notice

  1. Added EnumPrinterDriversW to obtain pDriverPath, so the hard-coded driver path no longer needs to be changed every time
  2. No RPC or SMB is needed; this exploit just directly loads the DLL which you provide
  3. The pDriverPath on Windows Server 2008 is
info.pDriverPath = (LPWSTR)L"C:\\Windows\\System32\\DriverStore\\FileRepository\\ntprint.inf_amd64_neutral_4616c3de1949be6d\\Amd64\\UNIDRV.DLL";

I can't get this path via EnumPrinterDriversW, so change info.pDriverPath in the source code if you want to test this exploit on Windows Server 2008


In some situations it also has some bugs... please debug with the rough source code : )
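As an added audit example (not code from the CVE-2021-1675-LPE-EXP project), the following PowerShell script reads the same driver path information the Notice says the exploit obtains via EnumPrinterDriversW, using the Get-PrinterDriver cmdlet, flags driver files that sit outside the locations the spooler normally installs into, and lists recent driver-add events. It assumes the PrintManagement module is present (Windows 8 / Server 2012 or later, so not the Server 2008 R2 case above) and that the two directories listed are the expected defaults on the audited host.

```powershell
# Added audit script (not part of the CVE-2021-1675-LPE-EXP project).
# Lists installed print drivers with the driver, data and config file paths
# (the pDriverPath family that EnumPrinterDriversW returns) and flags any
# file that does not live where the spooler normally installs drivers.
# Assumption: the PrintManagement module is available and these two roots
# are the expected defaults; adjust them on hardened or customised builds.

$expectedRoots = @(
    (Join-Path $env:SystemRoot 'System32\DriverStore\FileRepository'),
    (Join-Path $env:SystemRoot 'System32\spool\drivers')
)

function Test-ExpectedDriverPath {
    param([string]$Path)
    # An empty field means the driver does not use that file; nothing to check.
    if ([string]::IsNullOrWhiteSpace($Path)) { return $true }
    foreach ($root in $expectedRoots) {
        if ($Path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

$findings = foreach ($drv in Get-PrinterDriver) {
    foreach ($field in 'DriverPath', 'DataFile', 'ConfigFile') {
        $file = $drv.$field
        if (-not (Test-ExpectedDriverPath $file)) {
            [pscustomobject]@{
                Driver = $drv.Name
                Field  = $field
                File   = $file
                Exists = Test-Path -LiteralPath $file
            }
        }
    }
}

# Event ID 316 in Microsoft-Windows-PrintService/Operational records a
# driver being added or updated. That log is disabled by default, so enable
# it (wevtutil sl Microsoft-Windows-PrintService/Operational /e:true) first.
$recentAdds = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-PrintService/Operational'
    Id        = 316
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue

if ($findings) { $findings | Format-Table -AutoSize }
else { 'No print driver files outside the expected locations.' }
$recentAdds | Select-Object TimeCreated, Message | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so that Get-WinEvent can read the Operational log; driver enumeration itself works for any user.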

Tested successfully on:

Microsoft Windows Server 2012 R2 Datacenter [版本 6.3.9600]
Microsoft Windows 10 专业版 [版本 10.0.19041.685]
Microsoft Windows Server 2008 R2 Enterprise [版本 6.1.7601]
Owner: evilash