CVE-2021-1675 PoC — Microsoft Windows Print Spooler Components 安全漏洞

Source

https://github.com/OppressionBreedsResistance/CVE-2021-1675-PrintNightmare

Associated Vulnerability

Title:Microsoft Windows Print Spooler Components 安全漏洞 (CVE-2021-1675)
Description:Microsoft Windows Print Spooler Components是美国微软（Microsoft）公司的一个打印后台处理程序组件。 Microsoft Windows Print Spooler Components存在安全漏洞。以下产品和版本受到影响：Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for AR

Description

Working PowerShell POC

Readme

# CVE-2021-1675-PrintNightmare
Working PowerShell POC

Powershell script is copied from https://github.com/calebstewart/CVE-2021-1675
Respect for Caleb Stewart and John Hammond. 


I just wanted to have working poc close at hand. Ive added my custom DLL and an obfuscated version of powershell script. 

Obfuscated script loads DLL named "printed.dll" from "C:\windows\tracing" directory.

File Snapshot


 [4.0K]  /data/pocs/13915b6c5971ec2365b69563b36649a03d364090
├── [4.0K]  MyDLL2
│   ├── [ 421]  MyDLL2.cpp
│   ├── [ 617]  MyDLL2.h
│   ├── [6.9K]  MyDLL2.vcxproj
│   ├── [1.0K]  MyDLL2.vcxproj.filters
│   ├── [174K]  printer_clean.ps1
│   └── [171K]  printer_obf.ps1
├── [1.4K]  MyDLL2.sln
└── [ 390]  README.md

1 directory, 8 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!