【视频讲解】PicoCTF 2022 PrintNightmare CVE

图片[1]-【视频讲解】PicoCTF 2022 PrintNightmare CVE-FancyPig's blog

相关阅读

在网络安全入门的探讨中,推荐了Pico ctf

在上期视频中我们教大家解决ROT13 凯撒密码

今天我们将为大家带来一道有史以来最简单的CTF题目

视频讲解

你见过最简单的CTF题目吗?本期视频我们分享的CTF题目非常简单,我们只需要找到打印噩梦(PrintNightmare)这个漏洞的CVE编号就可以了,这里给大家科普一下,CVE全称是Common Vulnerabilities and Exposures,可以被翻译为公共漏洞披露,一般在漏洞出现后会由Mitre机构分配CVE编号,当然,在我们国内也有CNNVD编号,由国家安全漏洞库进行颁发……

图文讲解

相关漏洞

漏洞名称:Microsoft Windows Print Spooler Components 安全漏洞

CVE编号:CVE-2021-34527

危害等级:高危

威胁类型: 远程

漏洞介绍

Microsoft Windows Print Spooler Components是美国微软(Microsoft)公司的一个打印后台处理程序组件。

Microsoft Windows Print Spooler Components 存在安全漏洞,攻击者可以通过该漏洞绕过PfcAddPrinterDriver的安全验证,并在打印服务器中安装恶意的驱动程序。

以下产品和版本受到影响:

  • Windows 10 Version 1809 for 32-bit Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows Server 2019
  • Windows Server 2019 (Server Core installation)
  • Windows 10 Version 1909 for 32-bit Systems
  • Windows 10 Version 1909 for x64-based Systems
  • Windows 10 Version 1909 for ARM64-based Systems
  • Windows Server version 1909 (Server Core installation)
  • Windows 10 Version 21H1 for x64-based Systems
  • Windows 10 Version 21H1 for ARM64-based Systems
  • Windows 10 Version 21H1 for 32-bit Systems
  • Windows 10 Version 2004 for 32-bit Systems
  • Windows 10 Version 2004 for ARM64-based Systems
  • Windows 10 Version 2004 for x64-based Systems
  • Windows Server, version 2004 (Server Core installation)
  • Windows 10 Version 20H2 for x64-based Systems
  • Windows 10 Version 20H2 for 32-bit Systems
  • Windows 10 Version 20H2 for ARM64-based Systems
  • Windows Server, version 20H2 (Server Core Installation)
  • Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 Version 1607 for x64-based Systems
  • Windows Server 2016,Windows Server 2016 (Server Core installation)
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows 8.1 for 32-bit systems,Windows 8.1 for x64-based systems
  • Windows RT 8.1,Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2012
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 R2 (Server Core installation)

POC脚本

https://github.com/cube0x0/CVE-2021-1675

复现视频

© 版权声明
THE END
喜欢就支持一下吧
点赞19赞赏 分享
评论 共3条

请登录后发表评论