Abusing PrintNightmare RCE (CVE-2021-1675) – Dump Hashes on Domain Controllers



The exploit abuses the Windows Print Spooler to load malicious DLL files. This video shows how the vulnerability is used for remote code execution, along with how to mitigate these attacks. See the previous video for how this same vulnerability can be used for local privilege escalation.

Disclaimer: This content is intended to be consumed by cyber security professionals, ethical hackers, and penetration testers. Any attacks performed in this video should only be performed in environments that you control or have explicit permission to perform them on.


GitHub resources mentioned in this video:
https://github.com/calebstewart/CVE-2021-1675
https://github.com/cube0x0/CVE-2021-1675


00:00 – Intro
00:30 – Reviewing Exploit
02:30 – Reviewing Environment
04:00 – Generating Payload
05:30 – Hosting the Payload
07:15 – Running Exploit
11:45 – Mitigation
