CVSSv3: 7.8

CVE-2022-30190

Published: 01/06/2022 Updated: 20/12/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 864
CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs; view, change, or delete data; or create new accounts in the context allowed by the user’s rights.

Please see the MSRC blog entry (aka.ms/CVE-2022-30190-Guidance) for important information about steps you can take to protect your system from this vulnerability.

Vulnerability Trend

Vulnerable Products

microsoft windows server 2012 r2
microsoft windows 10 1607
microsoft windows 8.1
microsoft windows server 2016
microsoft windows server 2008
microsoft windows server 2008 r2
microsoft windows 7
microsoft windows rt 8.1
microsoft windows server 2012
microsoft windows 10
microsoft windows server 2019
microsoft windows 10 1809
microsoft windows 10 20h2
microsoft windows 10 21h1
microsoft windows server 2022
microsoft windows 11
microsoft windows 10 21h2

Exploits

This Metasploit module generates a malicious Microsoft Word document that when loaded, will leverage the remote template feature to fetch an HTML document and then use the ms-msdt scheme to execute PowerShell code ...
Proof of concept for the remote code execution vulnerability in MSDT known as Follina ...

Github Repositories

Repository of fixes and software that help with IT management

Windows and IT. What is IT? In general terms, IT is the acronym for Tecnologia da Informação (Information Technology). The term comes from the English: Information Technology (IT). However, it is important to understand IT as a concept. Gartner, a large worldwide consultancy in the technology sector, offers the following definition: “This is

Exploits scripts

Exploits scripts - (In Progress) Web Exploits log poisoning (local file inclusion attack) redis remote code execution Windows Exploits CVE-2022-30190 (follina) Disclaimer The tools in this repository are made for educational purposes only

Follina (CVE-2022-30190) is a Microsoft Office zero-day vulnerability that has recently been discovered. It’s a high-severity vulnerability that hackers can leverage for remote code execution (RCE) attacks.

CVE 30190 Amine TITROFINE | December 17, 2022 Follina (CVE-2022-30190) is a Microsoft Office zero-day vulnerability that has recently been discovered It’s a high-severity vulnerability that hackers can leverage for remote code execution (RCE) attacks It exists when MSDT is called using the URL protocol from a calling application such as Word An attacker who successf

This is an exploit of CVE-2022-30190 on PowerPoint.

CVE-2022-30190_EXP_PowerPoint This is an exploit of CVE-2022-30190 on PowerPoint. Change the file suffix to 'zip' and unzip the file; you can edit \ppt\slides\_rels\slide1.xml.rels and replace the target with your VPS ip:port like this, then compress them the same way and change the suffix to 'ppsx'. The default payload in 'exploit.html' is to execute th

A proof of concept for CVE-2022-30190 (Follina).

CVE-2022-30190 (Follina) A proof of concept (PoC) for CVE-2022-30190 (Follina). Requirements: Victim: Windows 10 21H1 (equivalent/earlier), security update KB5016616 uninstalled. Attacker: Microsoft .NET SDK, Python 3.9 or later. Configuration: edit config.xml to modify the attacker's server hostname and port number: <host> <name>{ hostname }

CVE-2022-30190- A Zero-Click RCE Vulnerability In MSDT

msdt-follina-office CVE-2022-30190- A Zero-Click RCE Vulnerability In MSDT

CVE-2022-30190 remediation via removal of ms-msdt from Windows registry

cve-2022-30190 CVE-2022-30190 remediation via removal of ms-msdt from Windows registry Resources Microsoft Guidance and Workaround Palo Alto Assessment

CVE-2022-30190 Usage (Windows only). Create docx file: $ PoC.py docx your-host-ip. Run server directly: $ PoC.py host

Removes the ability for MSDT to run, in response to CVE-2022-30190 (Follina)

Follina-Remediation Removes the ability for MSDT to run, in response to CVE-2022-30190 (Follina). This repo has been archived since Microsoft published official fixes. See msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190 for specifics

CVE-2022-30190

msdt-follina-office-rce CVE-2022-30190

halal windows

Windows-0-Day-Automated-fix Fix CVE-2022-30190

Remote Access Shell for Windows (based on cve-2022-30190)

Follina (PATCHED) Remote Access Shell for Windows (based on CVE-2022-30190) ⚠️ Made for educational purposes only 📚 Installation & Usage 🛠️ $ git clone github.com/AbdulRKB/Follina.git $ cd Follina $ pip install -r requirements.txt $ python main.py

The Follina vulnerability in a Windows support tool can be easily exploited by a specially crafted Word document. The lure is outfitted with a remote template that can retrieve a malicious HTML file and ultimately allow an attacker to execute PowerShell commands within Windows.

Microsoft MSDT Follina Docx generator. The Follina vulnerability in a Windows support tool can be easily exploited by a specially crafted Word document. The lure is outfitted with a remote template that can retrieve a malicious HTML file and ultimately allow an attacker to execute PowerShell commands within Windows. CVE-2022-30190 cve.mitre.org/cgi-bin/cvename.cgi?name=C

Microsoft MS-MSDT Follina (0-day Vulnerability) CVE-2022-30190 Attack Vector

msdt-follina Microsoft MS-MSDT Follina (0-day Vulnerability) CVE-2022-30190 Attack Vector

Mitigation for CVE-2022-30190

CVE-2022-30190 Mitigation for CVE-2022-30190. The script must be run as Administrator. This script has been tested with the ConnectWise Automate RMM tool for deployment. I found this solution cleaner than backing up and deleting anything from the registry, as this can simply update the DWORD key value to "1" to return functionality. Alternatively the script can be modifie

An Unofficial Patch for Follina CVE-2022-30190 following Microsoft guidelines.

Follina-CVE-2022-30190-Unofficial-patch- An Unofficial Patch for Follina CVE-2022-30190 following Microsoft guidelines. For more details go to: msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/ About the program: it creates a backup of [reg file] in the program directory (make sure you keep it safe for restore

Work around for Follina vulnerability + documentation on my process

ProductionFollinaWorkaround Work around for Follina vulnerability + documentation on my process. CVE-2022-30190 "Follina" is a Windows exploit that allows an adversary to perform remote code execution via the built-in Microsoft Diagnostic Tool (msdt). As of now, there is no official patch, but there are workarounds. The option I ended up employing was the Microsoft rec

follina zero day vulnerability to help Microsoft to mitigate the attack

follina-CVE-2022-30190 follina zero-day vulnerability, to help Microsoft mitigate the attack. Description: follina.py -h. Decompress nc64.zip at the root folder before usage.

MS Word Follina attack PoC

NOTE This repo was used for a school project! All credits: github.com/ItsNee/Folina-CVE-2022-30190-POC USAGE Use Smartlearn.ch; run python3 exploit.py -u "192.168.210.41:1337/pwn.html"

Educational Exploit for CVE-2022-30190 (Follina)

Follina CVE-2022-30190 Sample Educational Follina Tool Features RTF payload generator Simple HTTP Server for payload Mitigation tips Configuration extractor Easy to use for learning Exploit Executed Successfully

CVE-2022-30190 (Exploit Microsoft)

CVE-2022-30190

This is a demo attack of the FOLLINA exploit, a vulnerability that was discovered in May 2022 and remained unpatched until June 2022.

Follina-attack-CVE-2022-30190- This is a demo attack of the FOLLINA exploit, a vulnerability that was discovered in May 2022 and remained unpatched until June 2022.

To have a downloadable Powershell Script created to disable the MSDT URL protocol

DisableMS-MSDT Purpose: To have a downloadable Powershell Script created to disable the MSDT URL protocol Use Cases A system administrator needs a powershell script that can be uploaded into a MDM to mitigate the vulnerability in Windows computers A security conscious person wants a quick way to run a powershell script to disable MSDT until a patch is released by Microsoft on

CVE-2022-30190 Concept Follina represents a critical security vulnerability uncovered within Microsoft Office products, exposing them to potential remote code execution (RCE) attacks Microsoft has issued security updates to address the Follina vulnerability, but numerous unpatched versions of Microsoft Office remain susceptible Follina has been assigned the Common Vulnerabil

This repository is basically for the writeup of Financial Drill 2022, Bangladesh

Financial Cyber Drill 2022 - Writeup This repository is basically for the writeup of Financial Cyber Drill 2022, organized by BGD e-GOV CIRT Injection 0: 25 Our organization name is FIN and we are very conspicuous financial organization in Bangladesh Our information technology domain name is FINLOCAL and Active Directory Domain Services (AD DS) or domain controller run on Win

CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit

Fully Weaponized CVE-2021-40444 Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution), works with arbitrary DLL files Update 31/05/2022 - CVE-2022-30190 - Follina Now the generator is able to generate the document required to exploit also the "Follina" attack (leveraging ms-msdt) Background Although many PoC are already aro

The CVE-2022-30190-follina Workarounds Patch

CVE-2022-30190-Follina-Patch This is a simple program that lets you apply the temporary workaround patch at once instead of typing it in cmd (addressed to specific people). Requires you to run it as an administrator. 6/2/2022 Images: the exe file. Manually: run Command Prompt as Administrator. To back up the registry key, execute the command reg export HKEY_CLASSES_ROOT\ms-msdt

POC to replicate the Follina zero-click vulnerability (DOC and RTF files)

Follina Proof of Concept (CVE-2022-30190) Quick and easy "proof of concept" for the Follina RCE that affects Microsoft Office/365 products. This POC supports both the one-click exploit and the zero-click exploit through RTF files. Running the script will generate an infected.zip archive that contains two files: a zero-click.rtf file that allows you to test the RCE wi

A tool written in Go that scans files & directories for the Follina exploit (CVE-2022-30190)

FollinaScanner A tool written in Go that scans files & directories for the Follina exploit (CVE-2022-30190). (Note: "suspicious files" means files that have a URL in them which isn't working.) Compiling: git clone github.com/ErrorNoInternet/FollinaScanner; cd FollinaScanner; go build. Usage: # Scan the current direct

Implementation of FOLLINA-CVE-2022-30190

FOLLINA-CVE-2022-30190 Implementation of FOLLINA-CVE-2022-30190. This repository contains an exploitation tool for the vulnerability FOLLINA-CVE-2022-30190. Disclaimer: this tool was developed for security testing and research purposes; by cloning / forking this tool, the original developer disclaims any responsibility for the actors' actions. Prerequisites: read about the CVE-2022-3019

A tool for pulling top-10 cves from cvetrend.com. ;)

CVE Puller A tool for pulling latest Top-10 CVEs from CVE-TREND to your Black-Terminal ;) AKA Real-Time CVE puller Usage Installation About Usage: help ➜ cvePuller --help Usage of cvePuller: -all Detail like CVE-ID, Description, Assigner, Severity (Usage: --cve day/week -all) -cve string Only CVE ID (Usage: --cve day, --cve week) -info string All

Follina Web Server Simple PowerShell web server to assist in POC Follina testing by popping calc. When running, by default the URL can be accessed via: localhost:8081/payload.html. References: github.com/JMousqueton/PoC-CVE-2022-30190 - good resource on creating your own POC; community.idera.com/database-tools/powershell/powertips/b/tips/posts/creating-powershe

Recent Projects 👨‍💻 Trading Algorithm, under development (algolissandev)

CVE Exploit Demonstration

🎥 Exploit for CVE Demonstration: CVE-2021-44228 (Log4Shell); CVE-2014-6271 (Shellshock); CVE-2022-30190 (Follina). 🔎 What is CVE? 💬 CVE is short for Common Vulnerabilities and Exposures. It means publicly known information-security vulnerabilities in publicly released software packages. The information is then assigned a CV

Extract payload URLs from Follina (CVE-2022-30190) docx and rtf files

FollinaExtractor Extract payload URLs from Follina (CVE-2022-30190) docx and rtf files. usage: extract_follina.py -f C:\path\to\file.rtf
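As an added example (not code from FollinaExtractor, FollinaScanner, or any other repository listed on this page), the script below does the triage those tools describe: it opens an OOXML package, walks every `.rels` part and reports external targets of the two relationship types Follina documents abuse (a linked `oleObject`, as in most of the PoCs above, or an `attachedTemplate`, as in the Metasploit module), and falls back to a raw URL scan for RTF. The `.docx` and RTF samples are constructed inside the script, and the address 192.0.2.10 is a documentation IP, not an indicator taken from any real sample.

```python
"""Pull remote payload URLs out of Follina-style Office documents (CVE-2022-30190).

Added example; not the code of any repository listed on this page. The .docx
and .rtf samples below are constructed inline so the script runs offline.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
# Relationship types Follina documents use to fetch the HTML stage: a linked OLE
# object (most public PoCs) or a remote template (the Metasploit module).
SUSPECT_REL_TYPES = {OFFICE_REL + "oleObject", OFFICE_REL + "attachedTemplate"}
URL_RE = re.compile(r"^(?:https?|ms-msdt):", re.IGNORECASE)
# RTF variants carry the link as text inside the object group; a regex over the
# raw bytes is enough for triage. The class stops at RTF braces and control words.
RTF_URL_RE = re.compile(rb"(?:https?://|ms-msdt:)[^\s\"'<>{}\\]+", re.IGNORECASE)


def extract_ooxml_urls(data: bytes) -> list:
    """Return external oleObject/attachedTemplate targets from every *.rels part."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            for rel in ET.fromstring(zf.read(name)).iter(REL_NS + "Relationship"):
                target = rel.get("Target", "")
                if (rel.get("TargetMode", "").lower() == "external"
                        and rel.get("Type") in SUSPECT_REL_TYPES
                        and URL_RE.match(target)):
                    hits.append({"part": name,
                                 "type": rel.get("Type").rsplit("/", 1)[-1],
                                 "target": target})
    return hits


def extract_rtf_urls(data: bytes) -> list:
    """Return every http(s)/ms-msdt URL found in an RTF byte string, deduplicated."""
    return sorted({m.decode("ascii", "replace") for m in RTF_URL_RE.findall(data)})


def extract_urls(data: bytes) -> dict:
    """Dispatch on magic bytes: OOXML packages are zip files, RTF starts with {\\rtf."""
    if data.startswith(b"PK\x03\x04"):
        return {"format": "ooxml", "urls": [h["target"] for h in extract_ooxml_urls(data)]}
    if data.startswith(b"{\\rtf"):
        return {"format": "rtf", "urls": extract_rtf_urls(data)}
    return {"format": "unknown", "urls": []}


def build_sample_docx(target: str) -> bytes:
    """Constructed minimal .docx whose document.xml.rels links an external OLE object.

    A benign external hyperlink relationship is included to show it is not reported.
    """
    rels = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        f'<Relationship Id="rId1" Type="{OFFICE_REL}styles" Target="styles.xml"/>'
        f'<Relationship Id="rId2" Type="{OFFICE_REL}oleObject" Target="{target}" TargetMode="External"/>'
        f'<Relationship Id="rId3" Type="{OFFICE_REL}hyperlink" Target="https://example.com/" TargetMode="External"/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    '<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("word/document.xml",
                    '<?xml version="1.0"?><w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"/>')
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


# Constructed RTF fragment; the trailing "!" mirrors what the PoC READMEs on this
# page say the target URL must end with.
SAMPLE_RTF = rb"{\rtf1\ansi {\object\objautlink{\*\objclass htmlfile} http://192.0.2.10:8000/payload.html!}\par}"

if __name__ == "__main__":
    print(extract_urls(build_sample_docx("http://192.0.2.10:8000/payload.html!")))
    print(extract_urls(SAMPLE_RTF))
```

The relationship-type filter matters: ordinary hyperlinks are also `TargetMode="External"`, so a scanner that reports every external target drowns in benign hits. Relative targets such as `embedded.bin` are ignored as well, since the interesting case is a remote fetch.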

POC CVE-2022-30190 : CVE 0-day MS Office RCE aka msdt follina

POC CVE-2022-30190 : CVE 0-day MS Office RCE aka msdt follina. Info: New Microsoft Office zero-day used in attacks to execute PowerShell. Summary: On the 29th of May 2022, the Nao_Sec team, an independent cyber security research team, discovered a malicious Office document shared on VirusTotal. This document uses an unusual, but known, scheme to infect its victims. The scheme

This is my simple article about CVE-2022-30190 (Follina) analysis. I use the lab from LetsDefend.

CVE-2022-30190-Analysis-With-LetsDefends-Lab On 27 May 2022, the Nao_Sec technical team analyzed and found a document in .doc format that looked malicious. The document appeared to have been uploaded from an IP address in Belarus. This suspicion was then investigated further, and on 30 May 2022, a Monday, Microsoft announced a

CVE-2022-30190 Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability MSRC / By msrc / May 30, 2022 On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as

CVE-2022-30190 | MS-MSDT Follina One Click

MS-MSDT-Office-RCE-Follina CVE-2022-30190 | MS-MSDT Follina One Click. Create a Docx file. In the Docx file, Insert > Object > Bitmap Image > OK. In the Paint application that launched, save the Paint file. Save your Docx file. Open your file as an archive (with 7-Zip: right click > 7-Zip > Open Archive). Copy out the Document.xml from \Word\ and

proof of concept to CVE-2022-30190 (follina)

follina_cve_2022-30190 A proof of concept to CVE-2022-30190 (follina). usage: exploit.py [-h] [-u HOST_IP] [-p PORT] [-o OFILE] [-m {server, create}] [-s {script | script_file.ps1}] [-r HOST_IP:PORT] Follina Exploitation Toolkit. options: -h, --help show this help message and exit; -u HOST_IP, --host HOST_IP host ip addre

Microsoft Support Diagnostic Tool (CVE-2022-30190)

CVE-2022-30190 - Microsoft Support Diagnostic Tool. About: This script will attempt to create a Microsoft Office document which will remotely execute code. Setup: git clone github.com/joshuavanderpoll/CVE-2022-30190.git; cd CVE-2022-30190; python3 CVE-2022-30190.py --help. Options: usage: CVE-2022-30190.py [-h] [--html HTML] [--cmd CMD]

POC-msdt-follina In short, whether you know it or not, CVE-2022-30190 can be described like this: an attacker builds an MS Office document, places a link to an HTML file inside its structure, and with its help manages to run malicious code. The OLE object relationship (word/_rels/document.xml.rels) placed inside may describe the link in tags with the attributes "TYPE=

Write-up for another forgotten Windows vulnerability (0day): Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control href attribute escape, which was not fully fixed as CVE-2022-44666 in the patches released on December, 2022.

Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control href attribute escape vulnerability (CVE-2022-44666) (0day) This is the story about another forgotten 0day fully disclosed more than 4 years ago by John Page (aka hyp3rlinx). To understand the report, you have to consider I'm stupid :-) And my stupidity drives me to take longer paths to solve simple issues, b

Potentially useful links. Windows vulnerability. Videos: let’s play with a ZERO-DAY vulnerability “follina”; Exploiting MSDT 0-Day CVE-2022-30190. Further information: CVE-2022-30190 Detail; Additional information about CVE-2022-30190; Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability; Insta

poc document

CVE-2022-30190 MS-MSDT Using Follina Attack Vector Deniz Koc | June 9, 2022 On May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability. It is basically a remote code execution technique delivered through MSDT and an MS Office program, namely Microsoft Word. This attack takes place using malicious Word documents th

All about CVE-2022-30190, aka follina, that is a RCE vulnerability that affects Microsoft Support Diagnostic Tools (MSDT) on Office apps such as Word. This is a very simple POC, feel free to check the sources below for more threat intelligence.

follina (POC) All about CVE-2022-30190, aka follina, an RCE vulnerability that affects the Microsoft Support Diagnostic Tool (MSDT) via Office apps such as Word. This is a very simple POC; feel free to check the sources below for more threat intelligence. Usage: usage: follina.py [-h] [--command COMMAND] [--ip IP] [--port PORT] [--output OUTPUT] [--reverse REVERSE] POC for C

This is a workaround that should secure machines from the Follina zero-day exploit. (According to Microsoft's documentation)

Follina-workaround-automation This is a workaround that should secure machines from the Follina zero-day exploit (According to Microsoft's documentation) msrc-blogmicrosoftcom/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/ This script will make a new hidden dir on the C:/ drive, that should have a backup of the regkey tha

Microsoft Sentinel analytic rule and hunting queries in ASIM for activity of MSDT and CVE-2022-30190.

CVE-2022-30190 On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word An attacker who successfully exploits this vulnerability can run arbitrary code with the privilege
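As an added example (not the Sentinel/ASIM queries from the repository above), the same detection idea applied offline in Python to a few constructed process-creation events with Sysmon-style field names (Image, ParentImage, CommandLine). It flags msdt.exe when its parent is an Office application, when its command line arrives through the ms-msdt: URL protocol, and when the IT_BrowseForFile troubleshooter parameter carries a PowerShell $( ) subexpression, the pattern the public PoCs on this page use. The events, paths and severity thresholds are the example's own assumptions, not indicators from any specific sample.

```python
"""Flag msdt.exe launches consistent with CVE-2022-30190 in process-creation telemetry.

Added example, not the Sentinel rules from the repository above. Events are
constructed inline with Sysmon-style field names so the script runs offline.
"""
import ntpath
import re

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                  "msaccess.exe", "onenote.exe", "visio.exe"}
# Invocation through the URL handler passes the ms-msdt: URL to msdt.exe verbatim.
MSDT_SCHEME_RE = re.compile(r"ms-msdt:", re.IGNORECASE)
# The public PoCs smuggle PowerShell into the IT_BrowseForFile troubleshooter
# parameter as a $(...) subexpression; no legitimate file path needs that.
BROWSE_INJECT_RE = re.compile(r"IT_BrowseForFile=[^\s\"]*\$\(", re.IGNORECASE)


def classify(event: dict):
    """Return (severity, reasons) for a suspicious msdt.exe launch, else None."""
    image = ntpath.basename(event.get("Image", "")).lower()
    if image != "msdt.exe":
        return None
    parent = ntpath.basename(event.get("ParentImage", "")).lower()
    cmd = event.get("CommandLine", "")
    office_parent = parent in OFFICE_PARENTS
    injected = BROWSE_INJECT_RE.search(cmd) is not None
    reasons = []
    if office_parent:
        reasons.append(f"spawned by Office process {parent}")
    if MSDT_SCHEME_RE.search(cmd):
        reasons.append("launched through the ms-msdt: URL protocol")
    if injected:
        reasons.append("PowerShell subexpression in IT_BrowseForFile")
    if not reasons:
        return None
    # An Office parent or an injected parameter is conclusive on its own; a bare
    # ms-msdt: launch is also how Get Help / Settings open troubleshooters, so it
    # only merits a look (threshold is this example's choice).
    severity = "high" if office_parent or injected else "medium"
    return severity, reasons


def scan(events: list) -> list:
    """Run classify over a batch, returning (index, severity, reasons) tuples."""
    return [(i, *c) for i, ev in enumerate(events) if (c := classify(ev))]


# Constructed events (paths and command lines are illustrative, not captured).
SAMPLE_EVENTS = [
    {   # Follina pattern: Word spawns msdt via the URL handler with injected PowerShell
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "Image": r"C:\Windows\System32\msdt.exe",
        "CommandLine": r'"C:\Windows\System32\msdt.exe" ms-msdt:/id PCWDiagnostic /skip force '
                       r'/param "IT_RebrowseForFile=? IT_BrowseForFile=$(Start-Process calc.exe)'
                       r'i/../../../../Windows/System32/mpsigstub.exe"',
    },
    {   # Benign: a user opens a troubleshooter package from Explorer
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\msdt.exe",
        "CommandLine": r'"C:\Windows\System32\msdt.exe" -path C:\Windows\diagnostics\index\NetworkDiagnosticsWeb.diagpkg',
    },
    {   # URL-protocol launch from a system process: worth a look, not conclusive
        "ParentImage": r"C:\Windows\System32\svchost.exe",
        "Image": r"C:\Windows\System32\msdt.exe",
        "CommandLine": r'"C:\Windows\System32\msdt.exe" ms-msdt:/id NetworkDiagnosticsNetworkAdapter',
    },
    {   # Unrelated process, ignored
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\notepad.exe",
        "CommandLine": r'"C:\Windows\System32\notepad.exe" notes.txt',
    },
]

if __name__ == "__main__":
    for idx, severity, reasons in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {severity}: {'; '.join(reasons)}")
```

The parent-process check is the durable signal: after the June 2022 update the IT_BrowseForFile trick no longer works, but msdt.exe should still never be a child of an Office process, so that rule keeps paying off against any future document-to-MSDT chain.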

Follina-CVE-2022-30190 Proof of Concept by Nee. Usage: python3 follina.py --payload-url "192.168.200.144:1337/pwn.html". What it does: creates a malicious Word file which points to the payload URL that you specify; hosts the default payload located in the web folder. Proof of Concept: pops calc by default. Feel free to make cha

Rapid7_InsightVM This script helps in finding a specific vulnerability across all the sites. QUERIES = { "vulnerabilities": """ SELECT dvr.reference, asset_id, da.ip_address, da.host_name, da.mac_address, round(dv.riskscore::numeric, 0) AS risk FROM fact_asset_vulnerability_finding favf JOIN dim_asset da USING (asset_id)

Patch/Fix for the Follina zero day exploit.

Follina zero day office exploit patch for Windows 10 Patch for the Follina zero-day exploit currently affecting MS Office. This patch works on Windows 10; I have not tested it on previous versions of Windows. The exploit this is patching DOES affect earlier versions of Windows (both Desktop and Server), so be careful. Patch Notes/Instructions (CVE-2022-30190 - disable the Previe

Notes related to CVE-2022-30190

Follina Notes related to CVE-2022-30190. FOLLINA: CVE-2022-30190 uses the Microsoft Support Diagnostic Tool (MSDT). Exploits the diagnostic window opened for diagnosis and, when executed properly, gives a reverse shell to the attacker. GitHub: (a) github.com/JohnHammond/msdt-follina (b) github.com/chvancooten/follina.py. Thanks to: (a) @_johnhammond (b) @networkchuck

A Python software that aims at sanitizing malware infected files.

PyRATE documentation ℹ️ This software was developed as part of a bigger project To read about it, please refer to my USB Malware Cleaner Kiosk repository ℹ️ This software is a component of the Frontend ⚠️ This python software is intended for Linux OS powered terminals It requires a few pieces of software to work that may not be indicated in this documentati

MS-MSDT Follina CVE-2022-30190 PoC document generator

MS-MSDT Follina CVE-2022-30190 PoC Malicious docx generator to exploit (Microsoft Office Word Remote Code Execution). Creation of this script is based on the CVE-2021-40444 PoC by LockedByte and the writeup by Tothi. Usage: first modify backup.html and replace the PowerShell payload. Right now it just pops calc.exe using IEX('calc.exe'). python3 exploit.py generate <SR

Uses Intune Proactive remediations to detect and Move the MS-MSDT class.

MS-MSDT-Proactive-remediation Use Intune Proactive remediations to detect and move the MS-MSDT class; this addresses the CVE-2022-30190 (Follina) vulnerability. Intune Proactive Remediations gives you some reporting on the current status of machines, unchecked or with the issue remediated by these scripts. Location to create a script package: From Intune > Reports

This Repository Talks about the Follina MSDT from Defender Perspective

MSDT_CVE-2022-30190 This Repository Talks about the Follina MSDT from Defender Perspective Index About Timeline Understanding the Exploit List of IOCs Detection Strategy Testing and Researching Mitigation Plans References About The bug is a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability reported by crazyman of the Shadow Chaser Group Mic

CVE-2022-30190 Follina POC

CVE-2022-30190 CVE-2022-30190 Follina POC. Host exploit.html on localhost, port 80. Open the docx to pop calc. To change the remote address the doc points to, open in 7-Zip and edit word\_rels\document.xml.rels to point to a new location. YOU MUST keep the exclamation mark; it will literally not run if you omit this from the end of the URL. The exploit must contain at least 3541 ch

Exploit Microsoft Zero-Day Vulnerability Follina (CVE-2022-30190)

Follina Exploiter CLI Tool MSDT Vulnerability (CVE-2022-30190) A command-line Python tool to exploit the zero-day vulnerability in MSDT (Microsoft Support Diagnostic Tool), also known as 'Follina', CVE-2022-30190. Info: New Microsoft Office zero-day used in attacks to execute PowerShell. Made in Python 3.10.4. Features: Execute malicious Command in Victim Device Ta

Phishing research

Phishing attacks. Phishing is not only an outdoor sport but also a cyber-security attack technique. This project records material related to phishing attacks, including good phishing techniques and tricks and good real-world phishing project case studies. Phishing attacks originate from technology yet go beyond technology; they originate from deception, and the end point of deception is AV evasion. Study social engineering techniques in depth and practice them actively; in many

FollinaReg This is a simple Python script to automate collection of artifacts for the Follina (CVE-2022-30190) exploit on Windows workstations. The script expects a list of computers and checks registry keys for each user on each computer on the list. Each domain is scanned using the VirusTotal API. The results (URLs and VirusTotal scans) are stored in a file. How to install: git clone

Microsoft explains that “a remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application The attacker can then install programs, view, change, or delete data, or create new accounts

Aka Follina = benign POC.

cve-2022-30190 Aka Follina = benign POC Notes: Commit 5ea77 doesn't work

A Fullstack Academy Cybersecurity project examining the full cycle of the Follina (CVE-2022-30190) vulnerability, from exploit to detection and defense.

Five Nights at Follina's A Fullstack Academy Cybersecurity project examining the full cycle of the Follina (CVE-2022-30190) vulnerability, from exploit to detection and defense Team: Brian Aldrich YoungWa Kim Jay O'Neill (Binyang) Jeffrey Xu This set of tools assumes that you have a web host or can spin up a simple webserver using Python to host the generated or ex

Collection of Registry Editor 🧊 files to customize your Windows 10/11 🪟 Experience!!!

Better With Reg 🧊 Trying to make Windows better with the help of the registry editor 👨‍💻 Back up your registry key: run Command Prompt as Administrator. To back up the HKEY_CLASSES_ROOT registry key, execute the command reg export HKCR HKCR.reg. To back up the HKEY_CURRENT_USER registry key, execute the command reg export HKCU HKCU.reg. To back up the HKEY_LOCAL_MACHI

Config files for my GitHub profile.

I've quickly created a batch solution for the CVE-2022-30190 vulnerability. It's a PowerShell script which goes through a list of hostnames and deletes the registry key associated with the CVE-2022-30190 vulnerability. // mass delete regkey CVE-2022-30190 // remote fix for CVE-2022-30190 // batch remove regkey CVE-2022-30190

A very simple MSDT "Follina" exploit **patched**

CVE-2022-30190 IMPORTANT: Patched as of June 14th 2022 (Security updates, CVE Report). The HTML file must be served to the target, for example (exploit.html). An easy way to run the attack is by running (server.py)

Follina (CVE-2022-30190) proof-of-concept

go_follina Follina (CVE-2022-30190) proof-of-concept. Inspired by: github.com/JohnHammond/msdt-follina, github.com/chvancooten/follina.py

Follina, the Microsoft Office vulnerability CVE-2022-30190. Follina is a zero-day vulnerability that arises when MSDT (Microsoft Support Diagnostic Tool) is called using the URL protocol from an application such as Microsoft Office Word. By exploiting this vulnerability, a malicious actor can achieve remote code execution (RCE) with the same

Server to host/activate Follina payloads & generator of malicious Word documents exploiting the MS-MSDT protocol. (CVE-2022-30190)

Follina MS-MSDT exploitation with Spring Boot This repository contains a simple Spring Boot application that acts both as a server to host/activate Follina payloads, and as a generator for malicious Word documents that are ready to be used as attack vectors to exploit CVE-2022-30190 This vulnerability consists of Remote Code Execution through MSDT (Microsoft Windows Support Di

An NSIS script that helps deploy and roll back the mitigation registry patch for CVE-2022-30190 as recommended by Microsoft

MSDT Patcher, aka CVE-2022-30190-NSIS. This is an NSIS script that helps deploy and roll back the mitigation registry patch for CVE-2022-30190 as recommended by Microsoft. Download the executable here. How does it work? When run, it checks for the presence of the key HKCR\ms-msdt. If the key exists, it assumes the machine is vulnerable and offers to apply the mitigation patch

Microsoft Office Word RCE reproduction (CVE-2022-30190)

CVE-2022-30190: Microsoft Office Word RCE reproduction (CVE-2022-30190). Vulnerability overview: an MS Office docx file can contain an external OLE object reference in the form of an HTML file. There is an HTML scheme, ms-msdt:, that invokes the msdt diagnostic tool, which is able to execute arbitrary code (specified in its parameters). The result is a frightening attack vector: RCE by opening a malicious docx file (without using macros). Getting started

Simple Follina poc exploit

Follina - CVE-2022-30190. Follina is a zero-day allowing code execution in Office products. Installation: git clone github.com/WesyHub/CVE-2022-30190---Follina---Poc-Exploit.git. Usage example: python3 FollinaSploit.py -c calc -o poc.docx -p 80. Please make sure to send the doc or rtf file to the

These are the source codes of the Python scripts to apply the temporary protection against the CVE-2022-30190 vulnerability (Follina)

🩹CVE-2022-30190 Temporary Fix🩹 (Source Code). These are the source codes of two Python scripts compiled to easily and quickly apply temporary protection against the CVE-2022-30190 vulnerability (Follina). Both can be programmed better, but this is just to implement it as quickly as possible, and I did it without much Python knowledge, but the important part is that it works! H

These are two Python scripts compiled to easily and quickly apply temporary protection against the CVE-2022-30190 vulnerability (Follina)

🩹CVE-2022-30190 Temporary Fix🩹. These are two Python scripts compiled to easily and quickly apply temporary protection against the CVE-2022-30190 vulnerability (Follina). Both can be programmed better, but this is just to implement it as quickly as possible, and I did it without much Python knowledge, but the important part is that it works! Hehe. What do these 'exe'

A pure python implementation of microsoft-diagcab-rce-poc from Imre Rad

dogwalk: a pure Python implementation of microsoft-diagcab-rce-poc from Imre Rad. After the recent CVE-2022-30190 (aka Follina) came out, a previously reported vulnerability in MSDT, the tool used for the Follina exploit, resurfaced. This vulnerability was reported to Microsoft in January 2020 by Imre Rad; Microsoft had deemed it not to be a security issue. This repository

Mitigates the "Folina"-ZeroDay (CVE-2022-30190)

mitigate-folina: Mitigates the "Folina" zero-day (CVE-2022-30190) and "Search"-Nightmare (no CVE given at the moment). This script will back up and then remove the affected registry key (as suggested by Microsoft) to mitigate CVE-2022-30190. If parameterized with "-revert", the script will reimport the key. This can be used when Microsoft releases a pa

Just another PoC for the new MSDT-Exploit

CVE-2022-30190-follina: Just another PoC for the new MSDT exploit. To edit the Doc, just open it with 7z or xarchiver to change the value in word\_rels\document.xml.rels to your IP. The exploit must contain at least 3541 characters before the window.location.href, and they must be within the script tag. Now there are about 9000, just to be sure. More about the exploit: www

Silent Exploit

Silent exploit test video : wwwyoutubecom/channel/UCt4V0rpTLBCMDcX-jcnGngQ with startup and normal Purchase:zerodayexploit1sellixio/ Support:tme/acordx CVE-2022-30190 silent exploit android silent exploit warzone silent exploit silent exploit github fud silent exploit silent exploit builder cracked 0day silent exploit silent exploit android jpg sil

MSDT protocol disabler (CVE-2022-30190 patch tool)

NOTE: This tool is now obsolete! The Follina exploit is fixed as of June 14, 2022, which means that if you used this tool, you can now enable the MSDT protocol again (if you still have the backup reg file, of course). The MSDT Protocol Disabler is a tool that disables the MSDT protocol (ms-msdt://). It is a simple patch tool for patching the zero-day CVE-2022-30190/Follina vu

A curated collection of good security articles, a boon for compulsive hoarders

Good articles collected from WeChat official accounts. I. Red team. 1. Infrastructure, including tool development/usage, environment setup, C2 modification/concealment: Attack and Defense of the ATT&CK Matrix.html; Red Team Standard Handbook.html; Red Team Guide.pdf; Red vs. Blue | Several Important Tactical Deployments of Honeypots!.html; Red Team Essentials - Get Caught by a Honeypot and Have Your Leg Broken.html; Batch Interception of Proxy Nodes: Security Analysis of Circumvention Tools.html; Red vs. Blue』

Recent Articles

Attackers Exploit MSDT Follina Bug to Drop RAT, Infostealer
Symantec Threat Intelligence Blog • Karthikeyan C Kasiviswanathan, Yuvaraj Megavarnadu • 08 Jun 2024

Symantec has observed threat actors exploiting remote code execution flaw to drop AsyncRAT and information stealer.

Posted: 8 Jun 2022, 2 min read. Symantec, a division of Broadcom Software, has observed threat actors exploiting the remote code execution (RCE) vulnerability known as Follina to drop malware onto vulnerable systems just days after the f...

IT threat evolution in Q3 2022. Non-mobile statistics
Securelist • AMR • 18 Nov 2022

These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures: According to Kaspersky Security Network, in Q3 2022, Kaspersky solutions blocked 956,074,958 attacks from online resources across the globe. Web Anti-Virus recognized 251,288,987...

IT threat evolution Q2 2022
Securelist • David Emm • 15 Aug 2022

Targeted attacks. New technique for installing fileless malware: Earlier this year, we discovered a malicious campaign that employed a new technique for installing fileless malware on target machines by injecting a shellcode directly into Windows event logs. The attackers were using this to hide a last-stage Trojan in the file system. The attack starts by driving t...

IT threat evolution in Q2 2022. Non-mobile statistics
Securelist • AMR • 15 Aug 2022

These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures: According to Kaspersky Security Network, in Q2 2022, Kaspersky solutions blocked 1,164,544,060 attacks from online resources across the globe. Web Anti-Virus recognized 273,033,368 unique URLs as ma...

CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction
Securelist • AMR • 06 Jun 2022

At the end of May, researchers from the nao_sec team reported a new zero-day vulnerability in Microsoft Support Diagnostic Tool (MSDT) that can be exploited using Microsoft Office documents. It allowed attackers to remotely execute code on Windows systems, while the victim could not even open the document containing the exploit, or open it in Protected Mode. The vulnerability, which the researchers dubbed Follina, later received the identifier CVE-2022-30190. CVE-2022-30190 technical details: Bri...

Microsoft fixes under-attack Windows zero-day Follina
The Register • Jessica Lyons Hardcastle • 01 Jan 1970

Plus: Intel, AMD react to Hertzbleed data-leaking holes in CPUs

Patch Tuesday Microsoft claims to have finally fixed the Follina zero-day flaw in Windows as part of its June Patch Tuesday batch, which included security updates to address 55 vulnerabilities. Follina, eventually acknowledged by Redmond in a security advisory last month, is the most significant of the bunch as it has already been exploited in the wild. Criminals and snoops can abuse the remote code execution (RCE) bug, tracked as CVE-2022-30190, by crafting a file, such as a Word document, so t...

Symantec: More malware operators moving in to exploit Follina
The Register • Jeff Burt • 01 Jan 1970

Meanwhile Microsoft still hasn't patched the fatal flaw

While enterprises are still waiting for Microsoft to issue a fix for the critical "Follina" vulnerability in Windows, yet more malware operators are moving in to exploit it. Microsoft late last month acknowledged the remote code execution (RCE) vulnerability – tracked as CVE-2022-30190 – but has yet to deliver a patch for it. The company has outlined workarounds that can be used until a fix becomes available. In the meantime, reports of active exploits of the flaw continue to surface. Analys...

Now Windows Follina zero-day exploited to infect PCs with Qbot
The Register • Jeff Burt • 01 Jan 1970

Data-stealing malware also paired with Black Basta ransomware gang

Miscreants are reportedly exploiting the recently disclosed critical Windows Follina zero-day flaw to infect PCs with Qbot, thus aggressively expanding their reach. The bot's operators are also working with the Black Basta gang to spread ransomware in yet another partnership in the underground world of cyber-crime, it is claimed. This combination of Follina exploitation and its use to extort organizations makes the malware an even larger threat for enterprises. Qbot started off as a software nas...