Description
Compiles a Windows x64 DLL payload for PrintNightmare (CVE-2021-34527) that reflectively loads the SpecterInsight implant as SYSTEM when loaded by the Print Spooler.
Overview
Compiles a Windows x64 DLL that reflectively loads the SpecterInsight implant into memory as SYSTEM when the Print Spooler loads it via `AddPrinterDriverEx`. The DLL is generated by `New-PrintNightmareDll`: the sRDI shellcode is XOR-encoded with a random per-build key and embedded at compile time.
Use with the PrintNightmare Local Privilege Escalation SpecterScript, or manually via `Invoke-LevelUp -Technique CVE-2021-34527 -Command <path>`.
Parameters
| Name | Type | Description |
|---|---|---|
| Optimization | ZigOptimization | Optimization/build mode. Default: ReleaseSmall. |
| BuildId | string | The build whose implant is embedded. Defaults to the current build. |
