Vulnerability Profile
WeChat embeds Google's browser kernel. A few days ago Google disclosed a 0-day remote code execution vulnerability in that kernel; exploiting it requires the sandbox to be turned off. WeChat ships an old version of the kernel with the sandbox disabled by default, so a WeChat user who merely clicks a malicious link can hand an attacker direct access to the PC.
Affected versions
- <= 3.2.1.141 (Windows)
CS installation
- Download link: https://pan.baidu.com/s/19En7Pkz7HIeey82PUvEBwQ Extraction code: fczw
- Run the following commands on Kali (replace "Local IP" with the team server's IP address; 123456 is the connection password):
- ./teamserver <Local IP> 123456
- ./cobaltstrike
Vulnerability reproduction
- POC link: https://pan.baidu.com/s/1DwkxptLNcovYIt9hVIy4tw Extraction code: r6z7
1. Start CS and set up an HTTP or HTTPS listener.
2. After saving, the HTTP listener we configured appears under 'Listeners'.
3. Generate the payload.
4. Select the listener we created earlier, and select 'C#' as the language.
5. Set the location where the file is saved; the default file name is payload.cs, and its content is as follows.
6. Copy the code inside the curly braces of the .cs file into the shellcode value in our .js file.
7. Create an exploit.html file that calls the .js file and place it in the web root of a server running Apache. Send the link through WeChat; when the link is clicked, the CS beacon comes online.
Remediation suggestions
- Update WeChat to the latest version
- Don't click unfamiliar links