POC details: 952ad6419276f4aa1135f71445b3e5cc12e150be

Source
Related vulnerability
Title: Microsoft Windows Support Diagnostic Tool OS Command Injection Vulnerability (CVE-2022-30190)
Description: Microsoft Windows Support Diagnostic Tool is a tool from the US company Microsoft that collects information to send to Microsoft Support. Microsoft Windows Support Diagnostic Tool (MSDT) contains an OS command injection vulnerability. The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows
Introduction
# CVE-2022-30190

[![N|Solid](https://socprime.com/wp-content/uploads/Follina-Zero-Day-Exploit-in-the-Wild.png)](https://nodesource.com/products/nsolid)

## Concept

Follina represents a critical security vulnerability uncovered within Microsoft Office products, exposing them to potential remote code execution (RCE) attacks. Microsoft has issued security updates to address the Follina vulnerability, but numerous unpatched versions of Microsoft Office remain susceptible. Follina has been assigned the Common Vulnerabilities and Exposures (CVE) number CVE-2022-30190 for tracking purposes by NIST.

Threat actors exploit Follina through phishing campaigns, tricking targeted users into opening Office documents with malicious web-links leading to attacker-controlled online resources. These embedded links exploit the "Microsoft Support Diagnostic Tool" (MSDT) protocol, which is typically used for system crash reporting but can be manipulated to execute attacker-supplied PowerShell commands without user interaction.

The Follina exploit can be triggered when a user opens a Microsoft Office document containing malware delivered via email, online channels, or even through USB devices. Notably, the malicious code could execute via the Preview Tab in Explorer if the file is in .rtf format, even without direct user interaction. The malware payload is activated through the MSDT protocol.

Follina was first revealed as a zero-day vulnerability on May 27, 2022, in a tweet by @nao_sec. Security researchers detected the first recorded malware sample exploiting Follina on April 7, 2022, though it is believed that the flaw was exploited earlier. Subsequently, cybersecurity researchers noticed a surge in phishing campaigns using Follina in attachments, and the vulnerability continues to pose a significant threat to unpatched systems targeted in phishing attacks.
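A defensive triage check that follows from the attack chain above: the document's relationship parts are where an Office file points at a remote resource, so a scanner can unzip a `.docx` and flag external relationships and any `ms-msdt:` URI. This is an added example, not code from this repository; the list of relationship types it flags is a heuristic assumption, and both sample documents are constructed in memory.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OOXML_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
# Relationship kinds worth flagging when they point at a remote HTTP(S) resource
# (assumption: a heuristic chosen for this example, not an official list).
SUSPECT_TYPES = ("oleObject", "hyperlink", "frame")
MSDT_RE = re.compile(r"ms-msdt:", re.IGNORECASE)

def scan_docx(data: bytes) -> list[str]:
    """Return findings for the given .docx bytes; an empty list means nothing flagged."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue  # only relationship parts carry external targets
            root = ET.fromstring(z.read(name))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                target = rel.get("Target", "")
                rtype = rel.get("Type", "").rsplit("/", 1)[-1]
                if MSDT_RE.search(target):
                    findings.append(f"{name}: ms-msdt: URI in relationship target: {target}")
                elif (rel.get("TargetMode") == "External" and rtype in SUSPECT_TYPES
                      and target.lower().startswith(("http://", "https://"))):
                    findings.append(f"{name}: external {rtype} target: {target}")
    return findings

def build_docx(rels_xml: str) -> bytes:
    """Build a minimal constructed .docx with just enough structure for the scanner."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        z.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()

# Constructed samples: a clean document with only a package-internal styles part, and a
# suspicious one with an external OLE object over HTTP (192.0.2.10 is a documentation
# address) plus a hyperlink using the MSDT scheme (target value is a placeholder).
CLEAN_RELS = (f'<Relationships xmlns="{REL_NS}"><Relationship Id="rId1" '
              f'Type="{OOXML_REL}styles" Target="styles.xml"/></Relationships>')
SUSPECT_RELS = (f'<Relationships xmlns="{REL_NS}"><Relationship Id="rId1" Type="{OOXML_REL}oleObject" '
                f'Target="http://192.0.2.10:5656/poc.html" TargetMode="External"/>'
                f'<Relationship Id="rId2" Type="{OOXML_REL}hyperlink" Target="ms-msdt:PLACEHOLDER" '
                f'TargetMode="External"/></Relationships>')

if __name__ == "__main__":
    for label, rels in (("clean", CLEAN_RELS), ("suspect", SUSPECT_RELS)):
        print(label, scan_docx(build_docx(rels)) or "no findings")
```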

## Demonstration
This web page is the main interface for my exploit. I will enter my LAN IP and the shell code containing the "start calc.exe" command.
![](images/p1.png)

Now we can see that our server is in listening mode.
![](images/p2.png)

Here is our doc file.
![](images/p3.png)

We can observe the shell execution of the calculator when I started my doc file.
![](images/p4.png)

## ATTENTION
I have not handled input errors, so please be careful when entering information on the HTML page.

## Requirement
- Maven must be installed and on the PATH to use this software.
- JDK 16.0.2

## Installation
### Windows
- To install, download JDK 16.0.2 and add its bin directory to the PATH.
- Download the Maven zip distribution and add Maven's bin directory to the PATH environment variable.

### Linux
- Download JDK 16.0.2 and install it:
```sh
# Unpack the downloaded archive and install the contained package
sudo unzip jdk****.zip
sudo dpkg -i jdk****.deb
# export is a shell builtin, so it must run in the current shell, not under sudo;
# this only affects the current session (add it to your shell profile to persist it)
export PATH="/usr/lib/jvm/jdk-16.0.2/bin:$PATH"
sudo apt-get install maven
```
##### Installation of Software
```sh
cd Annunaki
mvn spring-boot:run
```
##### Execution
> Open this link in a browser: http://localhost:5656/anunnaki
File snapshot

Cached for you by the Shenlong bot
Notes
    1. It is recommended to access the source first.
    2. If the source is no longer available or cannot be accessed, send an email to f.jinxu#gmail.com to request a local snapshot (replace # with @).
    3. Shenlong has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.