This post is by a banned member (0x0777) - Unhide
26 May, 2019 - 04:32 AM
Reply
Yeah but it's not working in latest window o.s. This exploit is good, window 8.1 is still vulnerable in this exploit.
This post is by a banned member (staffgh) - Unhide
27 May, 2019 - 06:51 PM
Reply
This post is by a banned member (sanguous) - Unhide
27 May, 2019 - 08:40 PM
Reply
(16 March, 2019 - 09:26 PM)0dayExploit Wrote: Show MoreFor research purposes:
In this guide you will learn how to create a .htm file which can execute arbitrary commands in the remote powershell. This is working on all Windows versions and exploits Internet Explorer / Microsoft Office. First of all, the MSHTML Engine is vulnerable due to improper validation of specially crafted web documents (html, xhtml, etc). In other words, the exploit is triggered when users “edit” the documents. These documents are containing a ‘meta’ HTML tag set to ‘ProgId’ and its content set to ‘ProgId’. In this example we use ‘HTAFILE’ to exploit MS IE Browser or MS Office. On patched systems, the file will always open in notepad for editing.
First we will begin with a simple HTML document, opening the HTMl, HEAD and meta tag. As stated before, we are filling the content of the meta with ‘HTAFILE’, and the name as ‘ProgId’.
Now you have successfully made an exploited .htm file which executes the shell command to run calculator. You can edit this for any of your hacking needs.
Happy hacking!
Source: https://www.0dayexploits.net/2019/03/16/...loit-free/
thank you for your contributon
This post is by a banned member (samorog) - Unhide
28 May, 2019 - 09:13 AM
Reply
fhjfsijh sdfk fh sf fhsih fhih fsfisoh shshs
This post is by a banned member (mevita) - Unhide
09 September, 2019 - 11:11 AM
Reply
This post is by a banned member (Hackerstonic7872) - Unhide
31 December, 2019 - 03:01 AM
Reply
This post is by a banned member (qwe2327558237) - Unhide
06 October, 2020 - 07:57 PM
Reply
This post is by a banned member (lMeltedl) - Unhide
04 April, 2021 - 05:28 PM
Reply
(16 March, 2019 - 09:26 PM)0dayExploit Wrote: Show MoreFor research purposes:
In this guide you will learn how to create a .htm file which can execute arbitrary commands in the remote powershell. This is working on all Windows versions and exploits Internet Explorer / Microsoft Office. First of all, the MSHTML Engine is vulnerable due to improper validation of specially crafted web documents (html, xhtml, etc). In other words, the exploit is triggered when users “edit” the documents. These documents are containing a ‘meta’ HTML tag set to ‘ProgId’ and its content set to ‘ProgId’. In this example we use ‘HTAFILE’ to exploit MS IE Browser or MS Office. On patched systems, the file will always open in notepad for editing.
First we will begin with a simple HTML document, opening the HTMl, HEAD and meta tag. As stated before, we are filling the content of the meta with ‘HTAFILE’, and the name as ‘ProgId’.
Now you have successfully made an exploited .htm file which executes the shell command to run calculator. You can edit this for any of your hacking needs.
Happy hacking!
Source: https://www.0dayexploits.net/2019/03/16/...loit-free/ Interesting, thanks for the post!
|
