
[EXP] Ladon printer vulnerability privilege escalation: reproducing CVE-2021-1675

Author: Internet

Overview

On June 9, Microsoft released its June security updates, fixing 50 vulnerabilities, among them a Windows Print Spooler privilege-escalation vulnerability, CVE-2021-1675. In a domain environment an authenticated remote attacker (any low-privileged domain user, since the vulnerable RPC call requires credentials) can use it to execute arbitrary code with SYSTEM privileges on a domain controller and thereby take control of the whole domain. Note that the June patch did not fully close the issue: the public PoCs linked later in this post still worked against hosts carrying that update, and Microsoft tracked the remaining variant as CVE-2021-34527 (PrintNightmare), shipping an out-of-band fix in early July 2021. Affected users should apply the updates promptly, inventory their assets and take preventive measures to avoid being attacked.

Vulnerability description

Print Spooler is the Windows service that manages printing-related tasks. It runs as SYSTEM and loads printer driver DLLs into its own process, which is why a flaw in its driver-installation path (RpcAddPrinterDriverEx) yields SYSTEM-level code execution.

Under the right conditions in a domain environment, with no user interaction, an authenticated remote attacker (any domain user) can exploit the vulnerability to execute arbitrary code with SYSTEM privileges on a domain controller and take control of the entire domain. On an unpatched host the same flaw lets any logged-on local user escalate to SYSTEM.

Affected versions

Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
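Whether a host from this list is actually exploitable depends on the spooler state and the Point and Print policy, not on the build alone. The following PowerShell is an added example, not Ladon code or anything from the original post; it reads the service state and the registry values Microsoft documented as mitigations for CVE-2021-1675 / CVE-2021-34527 and offers the hardening step. The function names Get-RegValueOrDefault, Get-PrintNightmareExposure and Set-PrintSpoolerHardening are my own. Run it from an elevated prompt on the host being assessed.

```powershell
# Added example, not Ladon code: assess whether this host is exposed to
# PrintNightmare-style driver installation and apply the documented hardening.

function Get-RegValueOrDefault {
    param([string]$Path, [string]$Name, $Default = 'not set')
    # Distinguish an unset value (OS default applies) from an explicit one.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $Default }
}

function Get-PrintNightmareExposure {
    $pnpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    $prnKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'

    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $status  = if ($spooler) { $spooler.Status.ToString() } else { 'NotInstalled' }
    $start   = if ($spooler.StartType) { $spooler.StartType.ToString() } else { 'unknown' }

    # Win32_OperatingSystem.ProductType: 1 = workstation, 2 = domain controller, 3 = server.
    $isDC = (Get-CimInstance -ClassName Win32_OperatingSystem).ProductType -eq 2

    # 1 = only administrators may install drivers (the default once the August 2021
    # updates are installed); an explicit 0 reopens RpcAddPrinterDriverEx to any user.
    $restrict = Get-RegValueOrDefault $pnpKey 'RestrictDriverInstallationToAdministrators'
    # Both must be 0 or unset; 1 means silent Point and Print driver installs.
    $noWarn   = Get-RegValueOrDefault $pnpKey 'NoWarningNoElevationOnInstall'
    $noPrompt = Get-RegValueOrDefault $pnpKey 'UpdatePromptSettings'
    # 2 = "Allow Print Spooler to accept client connections" disabled. This blocks
    # the remote variant only; a local low-privileged user can still reach the LPE.
    $rpcEp    = Get-RegValueOrDefault $prnKey 'RegisterSpoolerRemoteRpcEndPoint'

    $verdict = if ($status -ne 'Running') { 'Spooler not running: not reachable via this path' }
        elseif ($restrict -eq 0) { 'EXPOSED: driver installation explicitly opened to non-admins' }
        elseif ($noWarn -eq 1 -or $noPrompt -eq 1) { 'EXPOSED: Point and Print warning/elevation disabled' }
        elseif ($isDC -and $rpcEp -ne 2) { 'Spooler running on a DC and accepting remote clients: disable it unless printing is required' }
        else { 'Hardened policy present; still confirm the July 2021 or later spooler update is installed' }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME; IsDomainController = $isDC
        SpoolerStatus = $status; SpoolerStartType = $start
        RestrictDriverInstallationToAdministrators = $restrict
        NoWarningNoElevationOnInstall = $noWarn; UpdatePromptSettings = $noPrompt
        RegisterSpoolerRemoteRpcEndPoint = $rpcEp; Verdict = $verdict
    }
}

function Set-PrintSpoolerHardening {
    param(
        # On domain controllers and servers that never print, stopping the
        # service removes both the local and the remote attack path.
        [switch]$DisableSpooler,
        # Keep the spooler for local printing but refuse remote RPC clients.
        [switch]$BlockRemoteClients
    )
    $pnpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    $prnKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    if (-not (Test-Path $pnpKey)) { New-Item -Path $pnpKey -Force | Out-Null }
    New-ItemProperty -Path $pnpKey -Name RestrictDriverInstallationToAdministrators -PropertyType DWord -Value 1 -Force | Out-Null
    New-ItemProperty -Path $pnpKey -Name NoWarningNoElevationOnInstall -PropertyType DWord -Value 0 -Force | Out-Null
    New-ItemProperty -Path $pnpKey -Name UpdatePromptSettings -PropertyType DWord -Value 0 -Force | Out-Null
    if ($BlockRemoteClients) {
        New-ItemProperty -Path $prnKey -Name RegisterSpoolerRemoteRpcEndPoint -PropertyType DWord -Value 2 -Force | Out-Null
        Restart-Service -Name Spooler   # the policy is read when the service starts
    }
    if ($DisableSpooler) {
        Stop-Service -Name Spooler -Force
        Set-Service -Name Spooler -StartupType Disabled
    }
}

Get-PrintNightmareExposure | Format-List
```

The verdict deliberately treats a running spooler on a domain controller as a finding even when the policy keys look right, because the registry state cannot prove the spooler binary itself was updated; that still has to be confirmed against installed updates.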

Version

Ladon >= 8.6

Usage

Ladon CVE-2021-1675 DllPath

Examples

Ladon CVE-2021-1675 c:\evil.dll
Ladon PrintNightmare c:\evil.dll

Local privilege escalation

Win2019 [screenshot]

Win2016 [screenshot]

Win10 [screenshot]

Remote privilege escalation

Win2016 [screenshot: http://k8gege.org/k8img/Ladon/exe/cve-2021-1675/2016_ISOK.PNG]
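The local and remote runs shown above leave traces on the target that a defender can hunt for: the spooler writes Event 316 to Microsoft-Windows-PrintService/Operational for every driver add, listing the files it copied into spool\drivers, and Event 808 to Microsoft-Windows-PrintService/Admin when it fails to load a plug-in module, which is what usually happens after a payload DLL that is not a real driver has run. The following PowerShell is an added example, not part of Ladon or the original post. Find-SuspiciousPrinterDriverAdds and Enable-PrintServiceOperationalLog are my own names, the regexes assume the English-language event text, and the x64 driver store path is assumed (32-bit hosts use W32X86). The Operational channel is disabled by default, so a helper to enable it is included.

```powershell
# Added example, not Ladon code: hunt the PrintService logs for driver installs
# that look like a PrintNightmare payload. Run on the target (or DC) being triaged.

function Enable-PrintServiceOperationalLog {
    # Event 316 lives in the Operational channel, which is disabled by default.
    wevtutil.exe set-log Microsoft-Windows-PrintService/Operational /enabled:true
}

function Find-SuspiciousPrinterDriverAdds {
    param([int]$Hours = 24)
    $since = (Get-Date).AddHours(-$Hours)
    # Version-3 driver store on x64 hosts; 32-bit hosts use spool\drivers\W32X86\3 (assumption).
    $driverDir = Join-Path $env:SystemRoot 'System32\spool\drivers\x64\3'

    # Event 316, Operational: "Printer driver <name> for Windows x64 Version-3 was
    # added or updated. Files:- UNIDRV.DLL, kernelbase.dll, evil.dll. No user
    # action is required." (English message text assumed.)
    $adds = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Microsoft-Windows-PrintService/Operational'; Id = 316; StartTime = $since }
    foreach ($e in $adds) {
        $driver = if ($e.Message -match '^Printer driver (.+?) for Windows') { $Matches[1] } else { '?' }
        if ($e.Message -notmatch 'Files:-\s*(.+?)\.\s*No user action') { continue }
        foreach ($file in ($Matches[1] -split ',\s*')) {
            if ($file -notmatch '\.dll$') { continue }
            $path = Join-Path $driverDir $file
            # A real vendor driver is Authenticode-signed; a dropped payload almost never is.
            $sigStatus = if (Test-Path $path) { (Get-AuthenticodeSignature -FilePath $path).Status.ToString() } else { 'FileMissing' }
            if ($sigStatus -ne 'Valid') {
                [pscustomobject]@{ Time = $e.TimeCreated; EventId = 316; Driver = $driver
                                   File = $file; Evidence = "signature=$sigStatus"; Host = $e.MachineName }
            }
        }
    }

    # Event 808, Admin (enabled by default): "The print spooler failed to load a
    # plug-in module C:\Windows\system32\spool\DRIVERS\x64\3\evil.dll, error code 0x7e."
    # A payload DLL without the exports of a real driver produces exactly this after it ran.
    $fails = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Microsoft-Windows-PrintService/Admin'; Id = 808; StartTime = $since }
    foreach ($e in $fails) {
        if ($e.Message -match 'plug-in module\s+(.+?\.dll),\s*error code\s+(0x[0-9a-fA-F]+)') {
            [pscustomobject]@{ Time = $e.TimeCreated; EventId = 808; Driver = '?'
                               File = $Matches[1]; Evidence = "load failed, error $($Matches[2])"; Host = $e.MachineName }
        }
    }
}

Find-SuspiciousPrinterDriverAdds -Hours 72 | Sort-Object Time | Format-Table -AutoSize
```

Signature status is used rather than a file-name allowlist because the payload name is attacker-chosen (c:\evil.dll in the examples above is arbitrary), while the spooler keeps the copied file under spool\drivers where it can still be inspected after the fact; a FileMissing result on a recent 316 event is itself worth a look, since it suggests cleanup.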

Related PoCs

C++, Python, C#, PowerShell
https://github.com/afwu/PrintNightmare
https://github.com/cube0x0/CVE-2021-1675
https://github.com/calebstewart/CVE-2021-1675

Download

LadonGo (ALL OS)

https://github.com/k8gege/LadonGo/releases

Ladon (Windows & Cobalt Strike)

Previous versions: https://github.com/k8gege/Ladon/releases
Version 7.0: http://k8gege.org/Download
Version 8.6: K8 小密圈 (paid community)

Source: https://blog.csdn.net/k8gege/article/details/118652953