https://github.com/vysecurity/cve-2018-4878

Aggressor Script to launch IE driveby for CVE-2018-4878
https://github.com/vysecurity/cve-2018-4878

Last synced: 4 months ago
JSON representation

Aggressor Script to launch IE driveby for CVE-2018-4878

Host: GitHub
URL: https://github.com/vysecurity/cve-2018-4878
Owner: vysecurity
Created: 2018-02-10T09:30:18.000Z (over 8 years ago)
Default Branch: master
Last Pushed: 2018-02-10T19:39:10.000Z (over 8 years ago)
Last Synced: 2025-03-15T07:28:47.026Z (about 1 year ago)
Size: 12.7 KB
Stars: 87
Watchers: 7
Forks: 37
Open Issues: 2
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

          Author and Credits

==================

Author: Vincent Yiu (@vysecurity)

Credits:

   - @evi1cg: Helping me test and keep me motivated

   - @smgoreli: Original Calc.exe PoC

   - @kbandla: He knows, and I know. ;)

Disclaimer

==========

Developed to encourage more Aggressor script development. Use only in authorized penetration testing!

Description

===========

Aggressor Script to launch an Internet Explorer driveby attack using CVE-2018-4878 exploit for Shockwave Flash player versions before February 2018.

Usage:

======

Video Demonstration: 

* Click Host > Host CVE-2018-4878 Payload > Host

* Send link to victim or embed as part of other pages or a redirect

* Victim hits link with IE and outdated flash, you get a shell back in IE sandbox.

CobaltStrike

============

* Load CVE-2018-4878.cna

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/vysecurity/cve-2018-4878

Awesome Lists containing this project

README