Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-8174 PoC — Microsoft Windows VBScript引擎缓冲区错误漏洞

Source
https://github.com/orf53975/Rig-Exploit-for-CVE-2018-8174
Associated Vulnerability
Title:Microsoft Windows VBScript引擎缓冲区错误漏洞 (CVE-2018-8174)
Description:Microsoft Windows 7等都是美国微软(Microsoft)公司发布的一系列操作系统。Windows VBScript engine是其中的一个VBScript(脚本语言)引擎。 Microsoft Windows VBScript引擎中存在远程代码执行漏洞。远程攻击者可利用该漏洞在当前用户的上下文中执行任意代码,造成内存损坏。以下系统版本受到影响:Microsoft Windows 7,Windows Server 2012 R2,Windows RT 8.1,Windows Server
Description
Rig Exploit for CVE-2018-8174 As with its previous campaigns, Rig’s Seamless campaign uses malvertising.  In this case, the malvertisements have a hidden iframe that redirects victims to Rig’s landing page,  which includes an exploit for CVE-2018-8174 and shellcode.  This enables remote code execution of the shellcode obfuscated in the landing page.  After successful exploitation, a second-stage downloader is retrieved,  which appears to be a variant of SmokeLoader due to the URL.  It would then download the final payload, a Monero miner.
Readme
# Rig-Exploit-for-CVE-2018-8174
Rig Exploit for CVE-2018-8174 As with its previous campaigns, Rig’s Seamless campaign uses malvertising.  In this case, the malvertisements have a hidden iframe that redirects victims to Rig’s landing page,  which includes an exploit for CVE-2018-8174 and shellcode.  This enables remote code execution of the shellcode obfuscated in the landing page.  After successful exploitation, a second-stage downloader is retrieved,  which appears to be a variant of SmokeLoader due to the URL.  It would then download the final payload, a Monero miner.
File Snapshot

 [4.0K]  /data/pocs/b0e9be780bb44aea85c792dafb04fb2e1668bfd5
├── [  73]  IPs and Domains.txt
├── [ 581]  README.md
├── [ 497]  Related Hashes.txt
└── [1.2K]  Rig Exploit for CVE-2018-8174 SIGMA.txt

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.