https://github.com/ly4k/PrintNightmare
Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527) using standard Impacket.
Impacket v0.9.23 - Copyright 2021 SecureAuth Corporation
usage: printnightmare.py [-h] [-debug] [-port [destination port]] [-target-ip ip address] [-hashes LMHASH:NTHASH] [-no-pass] [-k] [-dc-ip ip address]
[-name driver name] [-env driver name] [-path driver path] [-dll driver dll] [-check] [-list] [-delete]
target
PrintNightmare (CVE-2021-1675 / CVE-2021-34527)
positional arguments:
target [[domain/]username[:password]@]<targetName or address>
optional arguments:
-h, --help show this help message and exit
-debug Turn DEBUG output ON
-no-pass don't ask for password (useful for -k)
-k Use Kerberos authentication. Grabs credentials from ccache file (KRB5CCNAME) based on target parameters. If valid credentials
cannot be found, it will use the ones specified in the command line
-dc-ip ip address IP Address of the domain controller. If omitted it will use the domain part (FQDN) specified in the target parameter
connection:
-port [destination port]
Destination port to connect to MS-RPRN named pipe
-target-ip ip address
IP Address of the target machine. If ommited it will use whatever was specified as target. This is useful when target is the
NetBIOS name and you cannot resolve it
authentication:
-hashes LMHASH:NTHASH
NTLM hashes, format is LMHASH:NTHASH
driver:
-name driver name Name for driver
-env driver name Environment for driver
-path driver path Driver path for driver
-dll driver dll Path to DLL
modes:
-check Check if target is vulnerable
-list List existing printer drivers
-delete Deletes printer driver