ly4k / spoolfool Goto Github PK
View Code? Open in Web Editor NEWExploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)
License: MIT License
Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)
License: MIT License
It seems like worked but, I don't know the new password
Windows Defender with default settings appears to block this - the exe won't download, and the PS script won't run. You get "This script contains malicious content and has been blocked by your antivirus software."
So...all okay, I guess?
Hi Oliver,
Update : the Poc will work well on an existing printer that the user has full control over
It seems that the provided PoC will not run at several windows Servers.
Windows server 2016 :
PS C:\Users\test\Desktop> .\SpoolFool.exe -dll AddUser.dll
[*] Using printer name: Microsoft XPS Document Writer v4
[*] Using driver directory: 4
[*] Using temporary base directory: C:\Users\test\AppData\Local\Temp\0777935b-9de1-439d-ba02-4d9e5fafcb13
[*] Trying to open existing printer: Microsoft XPS Document Writer v4
[*] Failed to open existing printer: Microsoft XPS Document Writer v4
[*] Trying to create printer: Microsoft XPS Document Writer v4
[-] Failed to create printer: Microsoft XPS Document Writer v4
Tested the same with Win2012R2
I should add that running Add-Printer -Name "test" -DriverName "Microsoft XPS Document Writer v4" -PortName "portprompt:"
Terminates with :
PS C:\Users\test\Desktop> Add-Printer -Name "test" -DriverName "Microsoft XPS Document Writer v4" -PortName "portprompt:" | fl
Add-Printer : Access was denied to the specified resource.
At line:1 char:1
+ Add-Printer -Name "test" -DriverName "Microsoft XPS Document Writer v ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (MSFT_Printer:ROOT/StandardCimv2/MSFT_Printer) [Add-Printer], CimException
+ FullyQualifiedErrorId : HRESULT 0x80070005,Add-Printer
PS C:\Users\test\Desktop>
In the writeup you do mention the lack of the desired permissions in Windows servers, but as I understand it is still should work ?
Accoring MSRC all servers are vulnerable too.
Cheers,
Bryant
Readme.md minor fix.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.