Info Sharing Blog

Wednesday, September 9, 2020

PrintSpoofer Windows Privilege Escalation Tool: Usage and Illustration

Posted by jaacostan

Let's talk about the PrintSpoofer tool. This tiny tool is used for Windows privilege escalation. If the target server has SeImpersonatePrivilege enabled, you can use this tool to perform the privilege escalation.

1) Look for ways to elevate privileges on the target machine. Run whoami /priv

Check for the weakness in Windows Server where certain service accounts are required to run with elevated privileges using SeImpersonatePrivilege. Most people use Hot Potato to take advantage of this privilege, but Hot Potato succeeds only if DCOM is enabled on the target server. [Read more on this] This is where PrintSpoofer comes in: you can abuse this privilege with PrintSpoofer even if DCOM is disabled on the target server.
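A defensive counterpart to the whoami /priv check above, as an added example (not from the original post or the PrintSpoofer project): it parses the command's table output and reports whether SeImpersonatePrivilege is held by the account. The sample output and the names parse_privs, audit and WATCHED are constructed for illustration.

```python
import re

# Constructed sample of `whoami /priv` output for a service account
# (illustrative; not taken from the original post).
SAMPLE = """\
PRIVILEGES INFORMATION
----------------------

Privilege Name                Description                               State
============================= ========================================= ========
SeAssignPrimaryTokenPrivilege Replace a process level token             Disabled
SeChangeNotifyPrivilege       Bypass traverse checking                  Enabled
SeImpersonatePrivilege        Impersonate a client after authentication Enabled
SeCreateGlobalPrivilege       Create global objects                     Enabled
"""

WATCHED = "SeImpersonatePrivilege"  # the privilege this page is about


def parse_privs(text):
    """Return {privilege name: state} from `whoami /priv` table output."""
    lines = text.splitlines()
    # The table body starts after the ruler line made only of '=' runs.
    for i, line in enumerate(lines):
        if re.fullmatch(r"=+( +=+)+", line.strip()):
            break
    else:
        raise ValueError("no `whoami /priv` table found")
    privs = {}
    for row in lines[i + 1:]:
        cols = row.split()
        if len(cols) < 2:          # blank line ends the table
            break
        privs[cols[0]] = cols[-1]  # first token = name, last = state
    return privs


def audit(text):
    """Report whether the watched privilege is held, and its state."""
    state = parse_privs(text).get(WATCHED)
    # A privilege listed as Disabled is still in the token and the process
    # can enable it, so presence is reported separately from state.
    return {"present": state is not None,
            "enabled": state == "Enabled",
            "state": state}


if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run over output collected from service accounts during a hardening review, any account reporting present as True is exposed to the escalation this post describes.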

1) Get the code from GitHub.

Clone the repository. Note that if you try to compile the code on a Linux machine, you may encounter a compile error, as it requires the windows.h header file.

I have used Visual Studio on my Windows machine and compiled the code to produce an exe output (PrintSpoofer.exe).

2) I have already gained initial access to the machine as a normal user, which means I have machine access and can upload files to it. I activated a simple Python web server on my local machine and, from the target machine, downloaded PrintSpoofer.exe.

3) Once it has downloaded successfully, just execute it to elevate the privileges.

4) You have acquired administrative privileges.