Now I understand HTTPS is secure. The docx POC generated from the builder was detected by 7 Antivirus, a little relief! Until I decided to generate the file with HTTPS in URL :-(
#CVE-2021-40444 #0day#hacking#redteam#infosec#virustotal
I have made 3 builders for docx, cab, and HTML for CVE-2021-40444. Goal is to test how easily we can bypass static AV detections for the DOCX file, by just tampering with some characters.
https://t.co/54pwDdgjwt
The results were very predictable.
#infosec#hacking#redteam
To achieve exploitation via preview pane, just convert the generated docx to RTF.
PS: Read RTF specs, check old RTF exploit variants. RTF exploits are more fun to FUD, and the tricks are countless. #cve-2021-40444
I'm too late at CVE-2021-40444 party. But i just wanted to take a look at MSIE exploitation. Awesome to see a full exploit (RCE w/ sandbox escape) only using 6 lines of javascript code. Cool no doubt.
@novitoll@ulexec cabarc.exe -i 1234 -p -m NONE n https://t.co/T9ITSdTHaF "../championship.inf", Then you need to change the DLL size. Maybe I will release a cab generator tool on github.
@io_r_us @Edgespot_io No this is not cve-2019-5786. But it seems a PDF document used by readnotify (a service used to know if the receiver of an email read the email, or opened an attachment.)
Help decrypting MS Equation editor sample #cve-2018-0802. This sample is detected by just 3 AV on virustotal and is encrypted using AES/RSA. https://t.co/lFKlZnToVS
PS: You need to rename it to .xlsx for it to work.