Windows Print Spooler - Remote Code Execution
Exploitation Summary
CVE-2021-1675 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021, with confirmed use in ransomware campaigns.
EIP tracks 62 public exploits from researchers including cube0x0, calebstewart, and hlldz, as well as a Metasploit module, exploits/windows/dcerpc/cve_2021_1675_printnightmare.
AI-analyzed exploit summary: This repository contains a functional Python exploit for CVE-2021-1675 (PrintNightmare), which leverages the Windows Print Spooler service to achieve remote code execution (RCE) by abusing the RpcAddPrinterDriverEx function to load a malicious DLL from a remote share.
Description
Windows Print Spooler Remote Code Execution Vulnerability
Exploits (62)
This repository contains a functional Python exploit for CVE-2021-1675 (PrintNightmare), which leverages the Windows Print Spooler service to achieve remote code execution (RCE) by abusing the RpcAddPrinterDriverEx function to load a malicious DLL from a remote share.
This repository contains a functional PowerShell exploit for CVE-2021-1675 (PrintNightmare), which leverages a vulnerability in the Windows Print Spooler service to achieve local privilege escalation (LPE) by loading a malicious DLL as a printer driver. The exploit includes a custom DLL payload that creates a new local administrator user with a specified password.
This repository contains a functional local privilege escalation (LPE) exploit for CVE-2021-1675 (PrintNightmare), leveraging the Windows Print Spooler service vulnerability. The exploit includes reflective DLL loading and has been tested on Windows Server 2019 Standard.
This repository provides detection and mitigation guidance for CVE-2021-1675 and CVE-2021-34527 (PrintNightmare), including Sysmon configurations, Splunk queries, and workaround fixes. It does not contain exploit code but offers technical details on vulnerability remediation.
This repository contains a functional Python exploit for CVE-2021-1675 (PrintNightmare), leveraging Impacket to perform remote DLL loading via the Windows Print Spooler service. It supports multiple modes including vulnerability checking, driver enumeration, and DLL deployment for remote code execution.
This repository contains a Cobalt Strike plugin for exploiting CVE-2021-1675 (PrintNightmare) to achieve local privilege escalation (LPE) on Windows systems. The exploit leverages reflective DLL loading and driver name obfuscation to bypass Defender/EDR.
This repository contains a functional local privilege escalation (LPE) exploit for CVE-2021-1675 (PrintNightmare). The exploit leverages the Windows Print Spooler service to load a malicious DLL (vlib.dll) via AddPrinterDriverEx, which spawns a reverse shell with elevated privileges.
This repository contains a functional local privilege escalation (LPE) exploit for CVE-2021-1675, leveraging the Windows Print Spooler service to load a malicious DLL. The exploit dynamically retrieves the printer driver path using `EnumPrinterDriversW` and abuses `AddPrinterDriverEx` to achieve privilege escalation.
This repository contains a Python script that scans for the presence of the PrintNightmare vulnerability (CVE-2021-1675) by checking if the target system exposes the Print System Remote Protocol via RPC. It does not exploit the vulnerability but detects potential exposure.
This repository contains a detailed technical analysis of the PrintNightmare vulnerability (CVE-2021-1675), focusing on network traffic analysis and exploit mechanics. It includes a PCAP analysis, exploit re-creation steps, and detection insights, but does not contain functional exploit code.
This repository contains a functional exploit for CVE-2021-1675, a local privilege escalation vulnerability in the Windows Print Spooler service. The exploit leverages the `AddPrinterDriverEx` API to load a malicious DLL with SYSTEM privileges.
This repository provides a detailed technical writeup on CVE-2021-1675, a Windows Print Spooler privilege escalation vulnerability. It includes affected versions, usage examples, and references to external PoCs, but does not contain functional exploit code.
This repository contains a functional C# exploit for CVE-2021-1675 (PrintNightmare), which leverages the Windows Print Spooler service to achieve arbitrary code execution via DLL injection. The exploit uses the AddPrinterDriverEx API to load a malicious DLL specified by the user.
This repository provides a Zeek script and Suricata rules to detect DCE RPC events related to the PrintNightmare vulnerability (CVE-2021-1675). It does not contain exploit code but focuses on detection mechanisms for the vulnerability.
This repository contains a Python script that scans for CVE-2021-1675 by checking if the MS-RPRN service is exposed via RPC. It uses rpcdump.py to query targets and logs vulnerable hosts to a file.
The repository contains only a README with a YouTube link and no actual exploit code or technical details. This is indicative of a social engineering lure rather than a legitimate PoC.
This repository contains a functional exploit for CVE-2021-1675 (PrintNightmare), leveraging the Windows Print Spooler service to achieve remote code execution via DLL injection. The exploit uses Impacket for RPC communication and supports both SMB and TCP/IP protocols.
This repository contains a functional PowerShell script that exploits CVE-2021-1675 (PrintNightmare) to achieve local privilege escalation by adding a new local administrator user or executing a custom DLL as NT AUTHORITY\SYSTEM. The exploit leverages the Windows Print Spooler service to load a malicious driver.
The repository lacks actual exploit code and only provides mitigation steps for disabling the Print Spooler service. It references CVE-2021-1675 but does not include technical details or functional exploit code.
This repository contains a functional PowerShell exploit for CVE-2021-1675 (PrintNightmare), which allows local privilege escalation by abusing the Windows Print Spooler service to load a malicious DLL and create a new local administrator account.
This PowerShell script applies a mitigation for CVE-2021-1675 by denying the 'System' account modify permissions on the Windows Print Spooler directory, preventing exploitation of the PrintNightmare vulnerability.
The repository contains no exploit code, only a vague README with a placeholder message in Chinese ('漏洞利用马上上传' translates to 'Exploit will be uploaded soon'). No technical details or functional code are provided.
This repository contains a functional exploit for CVE-2021-1675 (PrintNightmare), leveraging the MS-RPRN protocol to achieve remote code execution by manipulating printer driver installation paths. The exploit uses Impacket for RPC communication and demonstrates the vulnerability by copying a malicious DLL to a target system.
This repository contains a functional PowerShell script that exploits CVE-2021-1675 (PrintNightmare) to achieve local privilege escalation by adding a new local administrator user or executing a custom DLL as NT AUTHORITY\SYSTEM. The exploit leverages the Windows Print Spooler service to load a malicious driver.
This repository contains a functional PowerShell exploit for CVE-2021-1675 (PrintNightmare), which allows local privilege escalation by adding a new local administrator user via a malicious printer driver. The exploit includes a custom DLL payload and leverages the Windows Print Spooler service to execute arbitrary code as NT AUTHORITY\SYSTEM.
This repository contains a functional exploit for CVE-2021-1675 (PrintNightmare), including a DLL payload and PowerShell scripts to trigger the vulnerability. The exploit leverages the Windows Print Spooler service to execute arbitrary code with SYSTEM privileges.
This repository provides a modified version of the PrintNightmare exploit (CVE-2021-1675) to support remote execution. It requires uploading specific files to a remote server and setting up port forwarding for exploitation.
This repository provides a PowerShell script using Desired State Configuration (DSC) to mitigate CVE-2021-1675 (PrintNightmare) by disabling the Print Spooler service across multiple servers in specified Active Directory OUs. It includes a detailed README explaining the vulnerability and mitigation steps.
This repository contains a functional Python exploit for CVE-2021-1675 (PrintNightmare), which leverages the Windows Print Spooler service to achieve remote code execution via a crafted driver installation. The exploit uses Impacket for RPC communication and demonstrates the vulnerability by copying a malicious DLL to a target system.
The repository contains no exploit code or technical details related to CVE-2021-1675. Instead, it appears to be a legitimate Swift library for displaying GIFs in a HUD, unrelated to the CVE.
The repository is unrelated to CVE-2021-1675 (PrintNightmare) and instead contains Django registration templates. No exploit code or technical details about the vulnerability are present.
This PowerShell script exploits CVE-2021-1675 (PrintNightmare) to add a new local administrator user or execute a custom DLL with SYSTEM privileges. It leverages the Windows Print Spooler service to load a malicious driver, achieving local privilege escalation.
This repository contains a functional C# exploit for CVE-2021-1675, a Windows Print Spooler elevation of privilege vulnerability. The exploit leverages the AddPrinterDriverEx API to load arbitrary DLLs, demonstrating the vulnerability's potential for local privilege escalation.
This repository contains a functional PowerShell exploit for CVE-2021-1675 (PrintNightmare), which leverages a vulnerability in the Windows Print Spooler service to achieve local privilege escalation (LPE) by loading a malicious DLL. The exploit includes a custom DLL payload that creates a new local administrator user with a specified password.
The repository provides a one-liner to download and execute an external ZIP file, which is a common tactic for distributing malware or fake exploits. No actual exploit code or technical details about CVE-2021-1675 are included in the repository.
This repository provides a detailed technical analysis of the PrintNightmare vulnerability (CVE-2021-1675 and CVE-2021-34527), focusing on detection via Windows Event Logs. It includes specific event logs and error codes related to the exploitation of the Print Spooler service.
This repository contains a functional Python exploit for CVE-2021-1675 (PrintNightmare), which leverages the Windows Print Spooler service to achieve remote code execution by uploading a malicious DLL. The exploit uses Impacket for RPC communication and demonstrates the vulnerability by abusing the `RpcAddPrinterDriverEx` function.
This PowerShell script exploits CVE-2021-1675 (PrintNightmare) to achieve local privilege escalation by adding a new local administrator user via a malicious printer driver. It includes a built-in DLL payload and supports custom DLL execution.
This repository contains a functional C# exploit for CVE-2021-1675, a Windows Print Spooler elevation of privilege vulnerability. The exploit leverages the AddPrinterDriverEx API to load arbitrary DLLs, demonstrating the vulnerability's potential for local privilege escalation.
This repository contains a functional exploit for CVE-2021-1675 (PrintNightmare), leveraging the Windows Print Spooler service to achieve remote code execution via a malicious DLL. The exploit uses the MS-RPRN protocol to manipulate printer driver configurations and execute arbitrary code.
The repository contains only a minimal Makefile with a placeholder test target, lacking any functional exploit code or technical details related to CVE-2021-1675. It appears to be an incomplete or placeholder project.
This repository provides a mitigation script for CVE-2021-1675, a zero-day vulnerability in the Windows Print Spooler service. It includes a PowerShell script to disable the Spooler service across multiple servers as a temporary workaround.
This repository provides CarbonBlack hunting queries for detecting exploitation attempts of CVE-2021-1675 (PrintNightmare). It includes Sigma-based rules to identify suspicious file modifications, module loads, and process behaviors associated with the vulnerability.
This repository contains a PowerShell script that mitigates CVE-2021-1675 by removing members from the 'Pre-Windows 2000 Compatible Access' group, which is a known attack vector for this vulnerability. The script checks for the presence of relevant Microsoft hotfixes before applying the mitigation.
This Metasploit module exploits CVE-2021-1675 (PrintNightmare) by abusing the Print Spooler service to load a malicious DLL via a crafted DCERPC request, leading to remote code execution as NT AUTHORITY\SYSTEM. It uses the MS-RPRN vector and requires the Print Spooler service to be running.
This repository contains a functional PowerShell exploit for CVE-2021-1675 (PrintNightmare), which leverages a vulnerability in the Windows Print Spooler service to achieve local privilege escalation (LPE) by loading a malicious DLL as NT AUTHORITY\SYSTEM. The exploit includes a custom DLL payload that creates a new local administrator user with a specified password.
This repository contains functional exploit code for CVE-2021-1675 (PrintNightmare), including both Python and C# implementations. The exploit leverages the Windows Print Spooler service to achieve remote code execution (RCE) or local privilege escalation (LPE) by loading a malicious DLL.
This repository contains a functional Python exploit for CVE-2021-1675 (PrintNightmare), which leverages the MS-RPRN protocol to achieve remote code execution by manipulating printer driver installation. The exploit uses Impacket for RPC communication and includes logic to enumerate and exploit vulnerable driver paths.
This repository contains a functional PowerShell exploit for CVE-2021-1675 (PrintNightmare), which leverages a vulnerability in the Windows Print Spooler service to achieve local privilege escalation (LPE) by loading a malicious DLL. The exploit includes a custom DLL payload that creates a new local administrator user with a specified password.
This repository contains a functional Python exploit for CVE-2021-1675 (PrintNightmare), which leverages the Windows Print Spooler service to achieve remote code execution via a malicious DLL. The exploit uses the MS-RPRN protocol to manipulate printer driver configurations and trigger arbitrary file writes.
This repository contains a functional exploit for CVE-2021-1675, leveraging the Print Spooler service to bypass SeLoadDriverPrivilege checks and achieve local privilege escalation by installing a malicious DLL. The exploit includes source code for both the main executable and the payload DLL, with clear compilation and execution instructions.
This repository contains a functional PowerShell exploit for CVE-2021-1675 (PrintNightmare), which leverages a vulnerability in the Windows Print Spooler service to achieve local privilege escalation (LPE) by loading a malicious DLL as NT AUTHORITY\SYSTEM. The exploit includes a custom DLL payload that adds a new local administrator user with a specified password.
This repository contains a functional exploit for CVE-2021-1675 (PrintNightmare), leveraging Impacket to execute malicious DLLs remotely or locally via the Print Spooler service. The exploit uses the MS-RPRN protocol to add a printer driver, leading to remote code execution.
This repository contains functional exploit code for CVE-2021-1675 (PrintNightmare), including both Python and C# implementations. The exploit leverages the Windows Print Spooler service to achieve remote code execution (RCE) or local privilege escalation (LPE) by loading a malicious DLL.
This repository contains a functional local privilege escalation (LPE) exploit for CVE-2021-1675 (PrintNightmare), leveraging the Windows Print Spooler service to load a malicious DLL. The exploit automates the discovery of the target DLL path and uses AddPrinterDriverExW to achieve privilege escalation.
This repository contains a functional PowerShell exploit for CVE-2021-1675 (PrintNightmare), which leverages a vulnerability in the Windows Print Spooler service to achieve local privilege escalation (LPE) by loading a malicious DLL. The exploit includes a custom DLL payload that adds a new local administrator user with a specified password.
This repository contains a functional PowerShell exploit for CVE-2021-1675 (PrintNightmare), which leverages the Windows Print Spooler service to achieve local privilege escalation (LPE). The exploit dynamically generates or accepts a custom DLL payload, uses reflective API calls to interact with the Print Spooler, and adds a new user to the local administrators group by default.
This repository contains a functional exploit for CVE-2021-1675 (PrintNightmare), which allows remote code execution (RCE) on Windows systems via the Print Spooler service. It includes a Dockerized environment with tools like Impacket and Responder to facilitate exploitation, including credential relaying and malicious DLL execution.
This repository contains functional exploit code for CVE-2021-1675 (PrintNightmare), including both Python and C# implementations. The exploit leverages the Windows Print Spooler service to achieve remote code execution (RCE) or local privilege escalation (LPE) by loading a malicious DLL.
This repository contains functional exploit code for CVE-2021-1675 (PrintNightmare), including both a Python-based remote code execution (RCE) tool using Impacket and a C# local privilege escalation (LPE) implementation. The exploits leverage the Windows Print Spooler service to execute arbitrary DLLs.
References (6)
Scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H