leftp / CVE-2021-1675-LPE

Local Privilege Escalation Edition for CVE-2021-1675


Local Privilege Escalation Edition of CVE-2021-1675

Local Privilege Escalation implementation of CVE-2021-1675 (a.k.a. PrintNightmare). The exploit is edited from the one published by Zhiniang Peng (@edwardzpeng) & Xuefeng Li (@lxf02942370).

Open the project in MSVC and compile in x64 Release mode. The exploit automatically finds UNIDRV.DLL, so no changes are required in the code. The exploit will try 2 times because in my tests it doesn't succeed on the first try.

Usage

When executing the exploit, give the local IP address as the first argument, followed by the full path of the DLL file, the username and the password.

CVE-2021-1675-LPE.exe IP_ADDRESS PAYLOAD_DLL_PATH USERNAME PASSWORD

The exploit has been tested on a fully updated Windows Server 2019 Standard.

CVE-2021-1675 - Local Privilege Escalation

Mitigation

Disable Spooler service

Stop-Service Spooler
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Spooler" /v "Start" /t REG_DWORD /d "4" /f

Or Uninstall Print-Services

Uninstall-WindowsFeature Print-Services
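
To confirm the mitigation above actually took effect, the following read-only audit is an added example (not part of the original repository). The function name `Test-SpoolerMitigation` and its output fields are assumptions made for illustration. It also flags a registry value literally named `Start ` (with a trailing space), which a mistyped `/v` argument would create while leaving the real `Start` value unchanged.

```powershell
# Added example: audit whether the Print Spooler has been stopped and disabled.
# Read-only: it changes nothing on the host.
function Test-SpoolerMitigation {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Spooler'
    $result = [ordered]@{
        ServicePresent  = $false
        ServiceStatus   = $null
        StartValue      = $null      # 4 = Disabled
        StrayStartValue = $false     # value named "Start " (trailing space)
        PrintServices   = 'Unknown'  # install state of the Print-Services feature
        SpoolerDisabled = $false
    }

    # Is the service registered, and is it currently running?
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if ($svc) {
        $result.ServicePresent = $true
        $result.ServiceStatus  = $svc.Status.ToString()
    }

    if (Test-Path $key) {
        # The real startup type lives in the value named exactly "Start".
        $result.StartValue = (Get-ItemProperty -Path $key).Start
        # A mistyped value name does not disable the service; report it.
        $names = (Get-Item -Path $key).GetValueNames()
        $result.StrayStartValue = $names -contains 'Start '
    }

    # Get-WindowsFeature exists only on Windows Server (ServerManager module).
    if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
        $feature = Get-WindowsFeature -Name Print-Services
        $result.PrintServices = if ($feature) { $feature.InstallState.ToString() } else { 'NotFound' }
    }

    # Disabled means: no Spooler service at all, or stopped AND Start = 4.
    # Stopped alone is not enough, because the service returns on reboot.
    $result.SpoolerDisabled = (-not $result.ServicePresent) -or
        ($result.ServiceStatus -eq 'Stopped' -and $result.StartValue -eq 4)

    [pscustomobject]$result
}

Test-SpoolerMitigation | Format-List
```

A host that reports `ServiceStatus : Stopped` with a `StartValue` other than 4 will start the Spooler again at the next boot.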
