Jump to content
Nytro

CVE-2018-8174-msf

By Nytro, in Exploituri

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

CVE-2018-8174-msf

This is a metasploit module which creates a malicious word document to exploit CVE-2018-8174 - VBScript memory corruption vulnerability.

This module is a very quick port and uses the exploit sample that was found in the wild. The exploit works only for Microsoft Office 32-bit.

There are a lot of things that need to get better at this module but I will update it in the future if I find some time.

Installation

  1. Copy the CVE-2018-8174.rb to /usr/share/metasploit-framework/modules/exploits/windows/fileformat/
  2. Copy the CVE-2018-8174.rtf to /usr/share/metasploit-framework/data/exploits/

The exploit doesn't work very well with meterpreter shellcode so it's better to use non-staged reverse shell.

Disclaimer

DO NOT USE THIS SOFTWARE FOR ILLEGALL PURPOSES.

THE AUTHOR DOES NOT KEEP ANY RESPONSIBILITY FOR ANY MISUSE OF THE CODE PROVIDED HERE.

 

Sursa: https://github.com/0x09AL/CVE-2018-8174-msf

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...