PrintNightmare, Local Privilege Escalation of CVE-2021-1675 or CVE-2021-34527
Simple LPE Exploit of CVE-2021-1675
CVE-2021-1675-LPE.exe C:\test\MyPigDLL.dll
MyPigDLL.dll is a test DLL which will create C:\test.txt if it succeeds.
EnumPrinterDriversW is used to get pDriverPath, so we don't need to change the hardcoded driver path every time.
pDriverPath at Windows Server 2008 is:
info.pDriverPath = (LPWSTR)L"C:\\Windows\\System32\\DriverStore\\FileRepository\\ntprint.inf_amd64_neutral_4616c3de1949be6d\\Amd64\\UNIDRV.DLL";
I can't get this path via EnumPrinterDriversW, so change info.pDriverPath in the source code if you want to test this exploit on Windows Server 2008.
In some situations it also has some bugs... please debug with the rough source code : )
Tested successfully on:
Microsoft Windows Server 2012 R2 Datacenter [Version 6.3.9600]
Microsoft Windows 10 Pro [Version 10.0.19041.685]
Microsoft Windows Server 2008 R2 Enterprise [Version 6.1.7601]