printnightmare's Issues
PrintNightmare.dll crashes
Hi!
I keep getting heap corruption errors in my lab machine while trying to launch the exploit through Beacon. I think this might be a matter of compiling and therefore I've tried to compile the binary in both VS2022 and VS2019, trying both /MD and /MT runtime libraries. I'm not too familiar with debugging C programs so this is the best I can do for now.
So, what's the specific setup needed to compile the binary?
The error from Windows log:
Faulting application name: rundll32.exe, version: 10.0.19041.746, time stamp: 0xfb4a9a6b
Faulting module name: ntdll.dll, version: 10.0.19041.1466, time stamp: 0xe2f8ca76
Exception code: 0xc0000374
Fault offset: 0x00000000000ff199
Faulting process ID: 0xecc
Faulting application start time: 0x01d83786454eec85
Faulting application path: C:\Windows\system32\rundll32.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report ID: 88cab659-788c-40e2-9047-4feaa5c7dd68
Faulting package full name:
Faulting package-relative application ID:
Some minor hygiene issues on resource management
These are hygiene issues more than actual bugs. Resource allocations will be freed at process exit anyway. But the code takes care to release resources, so I'm just noting them. Code may be copy/pasted into other frameworks where resource hygiene may matter more.
1. The call to CreateBindingHandle initializes bHandle. The CleanUp routine should call RpcBindingFree on this resource.
Allocated here:
and here:
2. Should check for failed allocation before writing:
container_info.Level = 2;
! container_info.DriverInfo.Level2 = (DRIVER_INFO_2*)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(DRIVER_INFO_2)); /// check for failed allocation
container_info.DriverInfo.Level2->cVersion = 3;
This is both in the reflective and non-reflective cases:
3. Should free memory from call to Utf8ToUtf16 in CleanUp
4. Code inconsistently switches from MAX_BUF to MAX_PATH
LPWSTR GetDriverPath(IN LPWSTR lpwTarget) {
    ...
    WCHAR wcKeyName[MAX_BUF] = { 0 };
    DWORD dwNamelen = MAX_BUF;
    ...
    if (lResult == 0) {
        for (DWORD i = 0; ; i++) {
            RtlZeroMemory(wcKeyName, sizeof(wcKeyName));
            lResult = RegEnumKeyEx(hSubKeyHandle, i, wcKeyName, &dwNamelen, NULL, NULL, NULL, NULL);
            if (StrStrIW(wcKeyName, L"ntprint.inf_amd64")) {
                wcscpy_s(lpwDriverPath, MAX_BUF, L"C:\\Windows\\System32\\DriverStore\\FileRepository\\");
                wcscat_s(lpwDriverPath, MAX_BUF, wcKeyName);
                wcscat_s(lpwDriverPath, MAX_BUF, L"\\Amd64\\UNIDRV.DLL");
                wprintf(L"[>] pDriverPath: -> %s\n\n", lpwDriverPath);
                break;
            }
            if (lResult == ERROR_NO_MORE_ITEMS) {
                break;
            }
!           dwNamelen = MAX_PATH; //changed from MAX_BUF to MAX_PATH?
        }
    }
}
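Added example, not code from the PrintNightmare project, illustrating point 4 above: enum_key() is a constructed stand-in for the in/out length contract of RegEnumKeyEx (capacity on entry, characters written on return), and the key names are constructed too. It shows why the per-iteration reset must equal the real buffer capacity: a value smaller than the buffer makes the call fail with ERROR_MORE_DATA so the loop silently skips that key, while a value larger than the buffer turns a long key name into an out-of-bounds write.

```c
/* Added example (not PrintNightmare's code): models the RegEnumKeyEx in/out
 * length contract portably so the reset bug can be shown without Windows. */
#include <stddef.h>
#include <string.h>

#define ERROR_SUCCESS        0
#define ERROR_MORE_DATA      234
#define ERROR_NO_MORE_ITEMS  259

/* Constructed subkey names standing in for the DriverStore registry keys. */
static const char *fake_subkeys[] = {
    "hpxyz.inf_amd64_aaaa",
    "ntprint.inf_amd64_0123456789abcdef",
};

/* Stand-in for RegEnumKeyEx: *len is the buffer capacity on entry and the
 * name length (without NUL) on return; nothing is written if too small. */
static int enum_key(size_t idx, char *name, size_t *len) {
    if (idx >= sizeof fake_subkeys / sizeof fake_subkeys[0]) return ERROR_NO_MORE_ITEMS;
    size_t need = strlen(fake_subkeys[idx]) + 1;   /* including the NUL */
    if (need > *len) return ERROR_MORE_DATA;       /* reported capacity too small */
    memcpy(name, fake_subkeys[idx], need);
    *len = need - 1;
    return ERROR_SUCCESS;
}

/* Mirrors the GetDriverPath loop without a per-iteration reset: after the
 * first key, *len carries that key's length instead of the capacity, so a
 * longer key later in the enumeration is reported as ERROR_MORE_DATA. */
int find_driver_key_noreset(char *out, size_t cap) {
    size_t len = cap;
    for (size_t i = 0; ; i++) {
        int rc = enum_key(i, out, &len);
        if (rc != ERROR_SUCCESS) return rc;
        if (strstr(out, "ntprint.inf_amd64")) return ERROR_SUCCESS;
    }
}

/* Fixed loop: the length is reset every iteration to the buffer's real
 * capacity (the equivalent of ARRAYSIZE(wcKeyName)), never to an unrelated
 * constant such as MAX_PATH, which could exceed the buffer. */
int find_driver_key_fixed(char *out, size_t cap) {
    for (size_t i = 0; ; i++) {
        size_t len = cap;
        int rc = enum_key(i, out, &len);
        if (rc != ERROR_SUCCESS) return rc;
        if (strstr(out, "ntprint.inf_amd64")) return ERROR_SUCCESS;
    }
}
```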