Skip to content

BC-SECURITY/Invoke-PrintDemon

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

PrintDemon

This is an PowerShell Empire launcher PoC using PrintDemon and Faxhell. The module has the Faxhell DLL already embedded which leverages CVE-2020-1048 for privilege escalation. The vulnerability allows an unprivileged user to gain system-level privileges and is based on @ionescu007 PoC.

Invoke-Demon_Demo

Note: This is a proof of concept. We have encountered some issues with printing to C:\Windows\System32\Ualapi.dll on some machines. We have not yet isolated what is causing this. You can drop the dll directly into System32 to test the launcher if you encounter issues.

Code Borrowed from

https://github.com/ionescu007/PrintDemon https://github.com/ionescu007/faxhell https://stackoverflow.com/questions/4442122/send-raw-zpl-to-zebra-printer-via-usb https://stackoverflow.com/questions/29759854/how-to-connect-to-tcp-socket-with-powershell-to-send-and-receive-data

About

This is a PowerShell Empire launcher PoC using PrintDemon and Faxhell.

Resources

Stars

Watchers

Forks

Releases

No releases published

Sponsor this project

 

Packages

No packages published