Windows 10 Version 20H2 #4
Comments
|
Does the script have to be ran against a domain controller for RpcAddPrinterDriverEx to work? Or can this exploit be used to gain admin access on a local windows machine? |
|
The exact versions of Windows which are affected by this vulnerability are still evolving. I had not been able to get this specific vulnerability to exploit on any Windows 10 target, but have heard of others getting it working. Stan Hegt posted a flow chart on Twitter outlining what versions of Windows should be vulnerable under which conditions, and seems promising, but I can't say I've tested all those branches. |
|
I have tried WIN 10 21H1 and it has failed |
|
I was able to get the script to run on 20H2 with the June 2021 CU installed, but only after I ran PowerShell as an administrator. Not much of an exploit if running with administrative rights is required. If one needs to run this code as administrator for it to work, you can simplify your code to use "New-LocalUser". |
I ran the program on Windows 10 20H2 and I was presented with an error.
Invoke-Nightmare : [!] AddPrinterDriverEx failed.
The text was updated successfully, but these errors were encountered: