Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Module] printerbug #163

Merged
merged 10 commits into from
Mar 18, 2024
Merged

[Module] printerbug #163

merged 10 commits into from
Mar 18, 2024

Conversation

lodos2005
Copy link
Contributor

Add MS-RPRN abuse (PrinterBug)

For exploit:
https://github.com/dirkjanm/krbrelayx/blob/master/printerbug.py

@lodos2005 lodos2005 changed the title Create printerbug.py [Module] printerbug Jan 18, 2024
@Marshall-Hallenbeck
Copy link
Collaborator

@lodos2005 What did you test this against? The printerbug.py in dirkjanm's repo works for me, but the module you submitted does not coerce authentication (I'm running krbrelayx and specifying the LISTENER as my attacker IP).

@lodos2005
Copy link
Contributor Author

@Marshall-Hallenbeck You are right, I edited the trigger code now. Everything should be working properly now.

@Dfte
Copy link
Contributor

Dfte commented Feb 8, 2024
edited
Loading

Shouldn't we merge this into the spooler module as well as the printnightmare one. One module to rull them all :P

@Dfte
Copy link
Contributor

Dfte commented Feb 9, 2024

I have reviewed the module and it is really great as it does both the check and the exploit. Love it.
Only thing I'd say is that the output might be too heavy:

image

I'd rather have something saying "Spooler activated" or "Vulnerable" but I wouldn't mention krbrelayx since first, I don't use it, second there are others tools that can be used to relay :)

@lodos2005 @mpgn
Create printerbug.py
188f909 
Add MS-RPRN abuse (PrinterBug)

Signed-off-by: Hakan Yavuz <lodos05@gmail.com>
@lodos2005 @mpgn
Update printerbug.py
e422a17 
Fix trigger

Signed-off-by: Hakan Yavuz <lodos05@gmail.com>
@lodos2005 @mpgn
Update printerbug.py
fddcf67 
Signed-off-by: Hakan Yavuz <lodos05@gmail.com>
@lodos2005 @mpgn
Update printerbug.py
2feece3 
Fix linter

Signed-off-by: Hakan Yavuz <lodos05@gmail.com>
@lodos2005 @mpgn
Update printerbug.py
7909477 
fix linter

Signed-off-by: Hakan Yavuz <lodos05@gmail.com>
@NeffIsBack
Copy link
Contributor

NeffIsBack commented Mar 13, 2024
edited
Loading

Hey, thanks for the PR and sorry for the late response!
Working flawlessly on my side. I changed the logging a bit to use the context logger. @lodos2005 take a look at the changes, if they work for you we are ready for the merge.

image
image

@NeffIsBack NeffIsBack added tested reviewed code Label for when a static code review was done labels Mar 14, 2024
NeffIsBack
NeffIsBack approved these changes Mar 14, 2024
View reviewed changes
Copy link
Contributor

@NeffIsBack NeffIsBack left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@lodos2005
Copy link
Contributor Author

I will have more beautiful changes for coerce but for now we can merge this. LGTM too

@Marshall-Hallenbeck Marshall-Hallenbeck merged commit e12fef0 into Pennyw0rth:main Mar 18, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@NeffIsBack NeffIsBack NeffIsBack approved these changes

@zblurx zblurx Awaiting requested review from zblurx zblurx is a code owner

@Marshall-Hallenbeck Marshall-Hallenbeck Awaiting requested review from Marshall-Hallenbeck Marshall-Hallenbeck is a code owner

@mpgn mpgn Awaiting requested review from mpgn mpgn is a code owner

Assignees
No one assigned
Labels
new module reviewed code Label for when a static code review was done tested
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@lodos2005 @Marshall-Hallenbeck @Dfte @NeffIsBack