
No longer working

Open leoCorso opened this issue 2 years ago • 9 comments

I think this may have been patched. DOC opens but no payload. Tell me if I am wrong here.

leoCorso avatar Jun 07 '22 18:06 leoCorso

Same experience in my testing. I tried with both Windows 10 21H2 (19044.1706) and Windows 11 21H2 (22000.593); both running "Microsoft 365 Apps for enterprise 16.0.15225.20204".

deadendweekend avatar Jun 08 '22 12:06 deadendweekend

Still works for me... don't forget to turn off Windows Defender or any anti-virus app.

Mikusho avatar Jun 11 '22 10:06 Mikusho

@Mikusho does it work when you only launch exploit.html from a browser? It opens MSDT but with a pass key and nothing happens for me. Do you have an idea about this? I just launch the script, go to the link, execute the payload directly or from the Word document, but either nothing happens or it demands a pass key... Do you have a path? Thank you, Regards

scamwork avatar Jun 12 '22 17:06 scamwork

@SamuelGaudemer no, you can't run it directly from a browser. You need to run it with the malDoc, that's how this exploit works. If you open the malDoc and nothing happens, maybe your malDoc is not connected to the server you made.

Mikusho avatar Jun 12 '22 19:06 Mikusho

Ok, but my maldoc is connecting and retrieving exploit.html, I have GET requests coming from the infected PC, but msdt does not open...

scamwork avatar Jun 12 '22 19:06 scamwork

Ok, problem resolved. I had a bad version of Office. Office Deployment Tool version 2019 works perfectly!

scamwork avatar Jun 12 '22 19:06 scamwork

Only opens the browser (IE) and shows the payload in the search bar: "ms-msdt:/id PCWDiagnostic /skip force /param "IT_RebrowseForFile=? IT_LaunchMethod=ContextMenuIT_BrowseForFile=/../../$(calc)/.exe"" (opens calc.exe). What am I doing wrong?


inchumi avatar Jun 15 '22 16:06 inchumi

I was able to get the script running on a Windows 2019 Server in AWS. I used the Google Chrome browser to download the attachments from an EC2 hosting the payloads with Microsoft Defender turned off. Below is a screenshot of it working (image: follina_aws).

Pwn20wn avatar Jun 18 '22 20:06 Pwn20wn

Hello, I was trying John's POC, but it's asking for a passkey by MSDT. Is there any way I can bypass this passkey? I am using Windows 10 21H2, build 19044.3086 and Office 2016.

Is there any specific OS and Office that I can use? Your help will be highly appreciated.

Thanks

XecurBit avatar Oct 26 '23 11:10 XecurBit