Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/lockedbyte/CVE-2021-40444
CVE-2021-40444 PoC
https://github.com/lockedbyte/CVE-2021-40444
Last synced: 21 days ago
JSON representation
CVE-2021-40444 PoC
- Host: GitHub
- URL: https://github.com/lockedbyte/CVE-2021-40444
- Owner: lockedbyte
- Created: 2021-09-10T16:55:53.000Z (over 3 years ago)
- Default Branch: master
- Last Pushed: 2021-12-25T18:31:02.000Z (almost 3 years ago)
- Last Synced: 2024-08-05T17:33:20.853Z (4 months ago)
- Language: HTML
- Homepage:
- Size: 657 KB
- Stars: 1,564
- Watchers: 28
- Forks: 481
- Open Issues: 15
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - lockedbyte/CVE-2021-40444 - CVE-2021-40444 PoC (HTML)
README
# CVE-2021-40444 PoC
Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution)
Creation of this Script is based on some reverse engineering over the sample used in-the-wild: 938545f7bbe40738908a95da8cdeabb2a11ce2ca36b0f6a74deda9378d380a52 (docx file)
You need to install lcab first (`sudo apt-get install lcab`)
Check `REPRODUCE.md` for manual reproduce steps
If your generated cab is not working, try pointing out exploit.html URL to calc.cab
# Using
First generate a malicious docx document given a DLL, you can use the one at `test/calc.dll` which just pops a `calc.exe` from a call to `system()`
`python3 exploit.py generate test/calc.dll http://`
![Document generation](./img/gen.png)
Once you generate the malicious docx (will be at `out/`) you can setup the server:
`sudo python3 exploit.py host 80`
![Server](./img/srv.png)
Finally try the docx in a Windows Virtual Machine:
![Pop Calc](./img/calc.png)