Local Privilege Escalation Edition of CVE-2021-1675/CVE-2021-34527
Local Privilege Escalation implementation of CVE-2021-1675/CVE-2021-34527 (a.k.a. PrintNightmare). The exploit is adapted from the one published by Zhiniang Peng (@edwardzpeng) and Xuefeng Li (@lxf02942370).
Open the project in MSVC and compile in x64 Release mode. The exploit automatically locates UNIDRV.DLL; no changes to the code are required.
Usage
When executing the exploit, pass the DLL path as the first argument. That's it!
CVE-2021-1675-LPE.exe PAYLOAD_DLL_PATH
The exploit has been tested on a fully updated Windows Server 2019 Standard.
Cobalt Strike
For the Reflective DLL version only, change the DLL path at line 111 of main.cpp and then compile the project. Load lpe_cve_2021_1675.cna and use the lpe_cve_2021_1675 command to execute the Reflective DLL.
Mitigation
Disable the Spooler service:
Stop-Service Spooler
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Spooler" /v "Start" /t REG_DWORD /d "4" /f
Or uninstall Print-Services:
Uninstall-WindowsFeature Print-Services
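To confirm that the mitigation above actually took effect on a host, the following PowerShell audit script is an added example and is not part of this project. The function name Test-SpoolerMitigation is invented; the script assumes an elevated session and, for the role check, a Windows Server with the ServerManager module.

```powershell
# Added example (not part of the original project): audit whether the PrintNightmare
# mitigations described above are in place on the local host and report the gaps.
# Assumes an elevated PowerShell session. Test-SpoolerMitigation is a hypothetical name.

function Test-SpoolerMitigation {
    [CmdletBinding()]
    param()

    $findings = [ordered]@{}

    # 1. Is the Spooler service present, and is it stopped?
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        $findings['SpoolerService'] = 'Not installed (Print-Services removed)'
    } else {
        $findings['SpoolerService'] = "Status=$($svc.Status) StartType=$($svc.StartType)"
    }

    # 2. Registry Start value: 4 = Disabled, which is what the REG ADD command above sets.
    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Spooler'
    $start = (Get-ItemProperty -Path $regPath -Name Start -ErrorAction SilentlyContinue).Start
    $findings['RegistryStart'] = if ($null -eq $start) { 'Key missing' } else { $start }

    # 3. Print-Services role (Windows Server only; Get-WindowsFeature is absent on clients).
    if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
        $ps = Get-WindowsFeature -Name Print-Services
        $findings['PrintServicesFeature'] = if ($ps.Installed) { 'Installed' } else { 'Not installed' }
    } else {
        $findings['PrintServicesFeature'] = 'Unknown (ServerManager module not available)'
    }

    # Mitigated if the service is gone, or if it is stopped AND disabled (Start = 4).
    # A stopped service with Start = 3 (Manual) can be restarted by RPC, so that is not enough.
    $mitigated = ($null -eq $svc) -or
                 ($svc.Status -eq 'Stopped' -and $start -eq 4)
    $findings['Mitigated'] = $mitigated

    [pscustomobject]$findings
}

Test-SpoolerMitigation | Format-List
```

Run it once before and once after applying the commands above; Mitigated should flip from False to True.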