SpoolSploit: collection of Windows print spooler exploits
SpoolSploit
A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.
Summary
SpoolSploit is a collection of Windows print spooler exploits containerized with other utilities for practical exploitation. A couple of highly effective methods are relaying machine account credentials to escalate privileges and executing malicious DLLs on endpoints with full system access.
Getting Started
As of the release date, the SpoolSploit Docker container has been tested successfully on the latest versions of macOS, Ubuntu Linux, and Windows 10.
Although not required, if you would like to host malicious DLLs or conduct credential relay attacks entirely within the SpoolSploit container, you should ensure port 445 is not in use on the host running Docker. This conflict is most common when running the container on a Windows host, as Windows uses port 445 by default. If disabling port 445 on your host is not practical, that is okay! You can simply run the Docker container in a virtual machine that has the network adapter configured in bridge mode. This will allow for serving malicious DLLs and relaying credentials. If you only want to serve malicious DLLs, you could simply host the DLLs on an anonymous access share on your host OS or a compromised server share.
Install & Use
Copyright (C) 2021 BeetleChunks