Check and Prepare
The Explanation
The Print Spooler service runs as the SYSTEM account, which is the highest account in Windows that you can take over. You trick the print spooler into installing a new driver from a UNC path and loading that driver. In our case the driver is a DLL file that, once loaded, gives a reverse shell to our Kali machine. Because the Print Spooler service runs as SYSTEM, it is the SYSTEM user that calls back to the Kali machine, not the non-privileged user we use to install the driver.
To exploit PrintNightmare, we first check whether the spooler is active on the targets.
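The two preconditions described above (a running spooler under SYSTEM, and a non-privileged user being allowed to install a driver) can be audited from the defender's side with a read-only check. This is an added example, not part of the original page: the function name `Get-SpoolerExposure` is hypothetical, and the Point and Print policy value names are the ones Microsoft documents for restricting driver installation, not values taken from this page.

```powershell
# Added example: read-only audit of the local Print Spooler exposure.
# Changes nothing on the host; it only reports state and policy.
function Get-SpoolerExposure {
    [CmdletBinding()]
    param()

    # Win32_Service exposes the state, start mode and service account.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"

    # Point and Print policy key; absent when no policy is configured.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    $pnp = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    $findings = @()
    if ($svc -and $svc.State -eq 'Running') {
        $findings += "Spooler is running as $($svc.StartName)"
    }
    # 0 = non-administrators may install printer drivers.
    if ($pnp -and $pnp.RestrictDriverInstallationToAdministrators -eq 0) {
        $findings += 'Driver installation is not restricted to administrators'
    }
    # 1 = no warning or elevation prompt when a driver is installed.
    if ($pnp -and $pnp.NoWarningNoElevationOnInstall -eq 1) {
        $findings += 'Install prompt suppressed (NoWarningNoElevationOnInstall=1)'
    }
    # Anything above 0 weakens the prompt shown on driver updates.
    if ($pnp -and $pnp.UpdatePromptSettings -gt 0) {
        $findings += "Update prompt weakened (UpdatePromptSettings=$($pnp.UpdatePromptSettings))"
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        SpoolerState = if ($svc) { $svc.State } else { 'NotInstalled' }
        StartMode    = if ($svc) { $svc.StartMode } else { $null }
        RunsAs       = if ($svc) { $svc.StartName } else { $null }
        PolicyKeySet = [bool]$pnp
        Findings     = $findings
    }
}

# Hosts that never print can remove the precondition entirely:
#   Stop-Service -Name Spooler -Force
#   Set-Service  -Name Spooler -StartupType Disabled
Get-SpoolerExposure | Format-List
```

An empty `Findings` list with `SpoolerState` other than `Running` means neither precondition is met on that host.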
Check spooler is active
Set up SMB to host our .dll
Create the reverse shell and place it in the SMB directory
Set up the listener
Download and execute exploit
Got Shell?