Leonardo Ferreira

Hacking, Programming and Random stuff

Exploiting PrintNightmare (CVE-2021-1675)

By design, Windows allows authenticated users to add and install printer drivers, which are loaded with SYSTEM privileges. This can be exploited to achieve LPE and RCE (CVE-2021-1675). As of this writing (Wed, 21 July 2021), the only known mitigation for this vulnerability is to disable the Print Spooler service.

The purpose of this draft is only to document how this vulnerability could be exploited from a pentest/red team perspective. Details about the vulnerability itself (and its variations) can be found in other sources, such as https://bit.ly/3rATH8v or https://bit.ly/36TIQgn.

Certified Red Team Expert (CRTE) - Review

I recently took the amazing “Windows Red Team Lab” course from PentesterAcademy, a prerequisite course for the Certified Red Team Expert (CRTE) certification. I must confess that I had my eye on this course for some time, mainly due to the topics covered in its content (anyone who knows me knows how much I like Active Directory exploitation and everything it involves ;). As I was a little tired of the HackTheBox boxes routine, I decided it would be a good time to start the lab and learn new AD stuff.

The purpose of this review is just to pass on a little of the experience I had in the lab and in the exam. Obviously, I have no intention of providing spoilers, a lab walkthrough, or anything like that.