ACIDDAMAGE runs as low-privileged user #4

Open
bananabr opened this issue Apr 26, 2022 · 3 comments
Comments

@bananabr

I tried replicating the attack but my DLL is loaded as the user running cp_client and not as SYSTEM. Any ideas?

@joshuanutt

@bananabr Did you ever sort it out? I'm having the same issue.

@jbaines-r7

Obviously, I'd need more information to troubleshoot this. Windows version, driver version, etc.

@joshuanutt

I have access to some older versions of Windows at home and will test those when I get off work.

Info from the client PC:

Driver

This is the driver that was installed when connecting to the malicious printer.

From Get-PrinterDriver:

| Name | Value |
| --- | --- |
| Name | Lexmark Universal v2 |
| MajorVersion | 3 |
| DriverVersion | 562992903094277 |

From lmud1040.GDL

<GDL_ATTRIBUTE Name="*GPDFileVersion" xsi:type="GDLW_string">2.10.0.5</GDL_ATTRIBUTE>
<GDL_ATTRIBUTE Name="*GPDSpecVersion" xsi:type="GDLW_string">1.0</GDL_ATTRIBUTE>

Device Info

| Name | Value |
| --- | --- |
| WindowsProductName | Windows 10 Pro |
| WindowsEditionID | Professional |
| WindowsVersion | 2009 |
| OSBuildNumber | 19044 |
| OSArchitecture | 64-bit |

Hotfixes:
KB5015730
KB5003791
KB5012170
KB5016616
KB5014671
KB5015895
KB5005699
