来源

关联漏洞

描述

PrintNightmare , Local Privilege Escalation of CVE-2021-1675 or CVE-2021-34527

介绍

# CVE-2021-1675-LPE-EXP
**Simple LPE Exploit of CVE-2021-1675** 

## Usage

```
CVE-2021-1675-LPE.exe C:\test\MyPigDLL.dll
```

`MyPigDLL.dll`,is a test DLL which will create `C:\test.txt` if succeed

## Notice

1. Add `EnumPrinterDriversW` for get `pDriverPath`, so We dont need change the "hardcode Driver path" everytime
2. Dont need to work with RPC or SMB and this exploit will just directly load the dll which you provided
3. The `pDriverPath` at Windows Server 2008 is

```
info.pDriverPath = (LPWSTR)L"C:\\Windows\\System32\\DriverStore\\FileRepository\\ntprint.inf_amd64_neutral_4616c3de1949be6d\\Amd64\\UNIDRV.DLL";
```

I cant get this Path via `EnumPrinterDriversW`, so change the `info.pDriverPath` in source code if you want to test this exploit at Windows Server 2008 


-----
In some situation its also has some bug... plz debug with the rough source code  : )



Test Successed in  :

```
Microsoft Windows Server 2012 R2 Datacenter [版本 6.3.9600]
Microsoft Windows 10 专业版 [版本 10.0.19041.685]
Microsoft Windows Server 2008 R2 Enterprise [版本 6.1.7601]
```

文件快照

 [4.0K]  /data/pocs/d05c61ce6ed7b245b88d7e3ef0d65ee7838d3697
├── [4.0K]  CVE-2021-1675-LPE
│   ├── [1.3K]  CVE-2021-1675-LPE.APS
│   ├── [2.5K]  CVE-2021-1675-LPE.cpp
│   ├── [1.2K]  CVE-2021-1675-LPE.rc
│   ├── [7.3K]  CVE-2021-1675-LPE.vcxproj
│   ├── [1.2K]  CVE-2021-1675-LPE.vcxproj.filters
│   ├── [ 168]  CVE-2021-1675-LPE.vcxproj.user
│   └── [ 396]  resource.h
├── [1.4K]  CVE-2021-1675-LPE.sln
├── [1.1K]  README.md
└── [4.0K]  release
    ├── [124K]  CVE-2021-1675-LPE.exe
    └── [ 89K]  MyPigDLL.dll

2 directories, 11 files

备注