Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Voulnet/CVE-2017-8759-Exploit-sample
Running CVE-2017-8759 exploit sample.
https://github.com/Voulnet/CVE-2017-8759-Exploit-sample
Last synced: 21 days ago
JSON representation
Running CVE-2017-8759 exploit sample.
- Host: GitHub
- URL: https://github.com/Voulnet/CVE-2017-8759-Exploit-sample
- Owner: Voulnet
- License: mit
- Created: 2017-09-13T09:50:04.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2020-01-23T06:53:00.000Z (almost 5 years ago)
- Last Synced: 2024-08-05T17:41:04.604Z (4 months ago)
- Language: Python
- Size: 14.6 KB
- Stars: 257
- Watchers: 13
- Forks: 96
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - Voulnet/CVE-2017-8759-Exploit-sample - Running CVE-2017-8759 exploit sample. (Python)
README
# CVE-2017-8759-Exploit-sample
Running CVE-2017-8759 exploit sample.
Flow of the exploit:
Word macro runs in the Doc1.doc file. The macro downloads a badly formatted txt file over wsdl, which triggers the WSDL parser log. Then the parsing log results in running mshta.exe which in turn runs a powershell commands that runs mspaint.exe
To test:
Run a webserver on port 8080, and put the files exploit.txt and cmd.hta on its root. For example python3 -m http.server -127.0.0.1 8080
Or you can use python3 server.py
If all is good mspaint should run.
Mohammed Aldoub @Voulnet
## References:
https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html