Exploit for CVE-2022-30190

## https://sploitus.com/exploit?id=CEC4033D-26C5-5A07-8D86-31A7AF928BDB
# CVE-2022-30190

> Based on https://github.com/JohnHammond/msdt-follina

## Environment Setup
> Use files in /env-setup
1. Virtual Machine: use VirtualBox and [Win10_21H2_English_x32.iso](https://drive.google.com/file/d/1J2vBbrps2A3LL3XMexloBt70OdvI_vWn/view?usp=drive_link) (Build 19044.1288)
2. Install Microsoft Word, run `setup.exe /configure configuration.xml` using cmd inside /env-setup/odt-2013
3. Install Python 3.8.10

## Exploitation
1. Turn off Virus and Threat Scanning in Window's settings
2. Make sure you have all the Python packages needed
    * Often need to install netifaces using `pip install netifaces`
3. Get your machine's IP address (`ipconfig`)
4. Run `py folina.py -i <ip-address>` (refer to the original repo for more details)
5. Open the malicious doc file. Then the msdt, sdiagnhost and a calcualtor should pop up

<img src="https://github.com/meowhua15/CVE-2022-30190/assets/74200918/b3dc2360-11f4-476e-b457-0f5108ef5172"  width=40%> <img src="https://github.com/meowhua15/CVE-2022-30190/assets/74200918/e73ff6ae-727c-4c5f-a370-7c80790ff8d5"  width=40%> <img src="https://github.com/meowhua15/CVE-2022-30190/assets/74200918/111b6e3e-b106-4a09-bd39-76ea6b8561bc"  width=40%>