关联漏洞
标题:Microsoft .NET Framework 安全漏洞 (CVE-2017-8759)Description:Microsoft .NET Framework是美国微软(Microsoft)公司开发的一种全面且一致的编程模型,也是一个用于构建Windows、Windows Store、Windows Phone、Windows Server和Microsoft Azure的应用程序的开发平台。该平台包括C#和Visual Basic编程语言、公共语言运行库和广泛的类库。 Microsoft .NET Framework中存在远程代码执行漏洞。远程攻击者可借助恶意的文档或引用程序利用该漏洞执行代码。以下版本受到影响
Description
Running CVE-2017-8759 exploit sample.
介绍
# CVE-2017-8759-Exploit-sample
Running CVE-2017-8759 exploit sample.
Flow of the exploit:
Word macro runs in the Doc1.doc file. The macro downloads a badly formatted txt file over wsdl, which triggers the WSDL parser log. Then the parsing log results in running mshta.exe which in turn runs a powershell commands that runs mspaint.exe
To test:
Run a webserver on port 8080, and put the files exploit.txt and cmd.hta on its root. For example python3 -m http.server -127.0.0.1 8080
Or you can use python3 server.py
If all is good mspaint should run.
Mohammed Aldoub @Voulnet
## References:
https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html
文件快照
[4.0K] /data/pocs/3c72b0c9de5d14b31702aa74da3d9e427d56a825
├── [ 549] cmd.hta
├── [ 32K] Doc1.doc
├── [1.2K] exploit.txt
├── [1.0K] LICENSE
├── [ 694] README.md
└── [ 230] server.py
0 directories, 6 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。