支持本站 — 捐款将帮助我们持续运营

目标: 1000 元,已筹: 1000

100.0%
立即捐款

POC详情: fd705dd501037bc02b1c96f3f0bfebc13e24d3b5

来源
https://github.com/ruthlezs/ie11_vbscript_exploit
关联漏洞
标题:Microsoft Internet Explorer 输入验证错误漏洞 (CVE-2019-0768)
Description:Microsoft Internet Explorer(IE)是美国微软(Microsoft)公司的一款Windows操作系统附带的Web浏览器。 Microsoft IE 11中存在输入验证错误漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。
Description
Exploit Generator for CVE-2018-8174 & CVE-2019-0768 (RCE via VBScript Execution in IE11)
介绍
# IE11 VBScript Exploit
Exploit Generator for CVE-2018-8174 & CVE-2019-0768 (RCE via VBScript Execution in IE11)

# Prerequisite
- Metasploit
- msfvenom

# Usage
python ie11_vbscript.py [Listener IP] [Listener Port]

# Instruction
1. Use this script to generate "exploit.html"
2. Host the html file on your server
3. Setup a handler with windows/meterpreter/reverse_tcp in Metasploit
4. In your handler, set AutoRunScript with "post/windows/manage/migrate"
5. Perform social engineering attack with the payload url

# Credit
https://www.exploit-db.com/exploits/44741

# CVEs
https://nvd.nist.gov/vuln/detail/CVE-2018-8174
https://nvd.nist.gov/vuln/detail/CVE-2019-0768
文件快照

 [4.0K]  /data/pocs/fd705dd501037bc02b1c96f3f0bfebc13e24d3b5
├── [ 10K]  ie11_vbscript.py
├── [1.0K]  LICENSE
└── [ 673]  README.md

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。