Skip to content
/ CVE-2018-4878 Public
forked from R3dFruitRollUp/CVE-2018-4878

Aggressor Script to launch IE driveby for CVE-2018-4878

3 stars 37 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

FOGSEC/CVE-2018-4878

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
CVE-2018-4878.cna
CVE-2018-4878.cna
 
 
README.md
README.md
 
 

Repository files navigation

Author and Credits

Author: Vincent Yiu (@vysecurity)

Credits:

  • @evi1cg: Helping me test and keep me motivated
  • @smgoreli: Original Calc.exe PoC
  • @kbandla: He knows, and I know. ;)

Disclaimer

Developed to encourage more Aggressor script development. Use only in authorized penetration testing!

Description

Aggressor Script to launch an Internet Explorer driveby attack using CVE-2018-4878 exploit for Shockwave Flash player versions before February 2018.

Usage:

Video Demonstration: https://www.youtube.com/watch?v=JhUlOIEdq0s

  • Click Host > Host CVE-2018-4878 Payload > Host
  • Send link to victim or embed as part of other pages or a redirect
  • Victim hits link with IE and outdated flash, you get a shell back in IE sandbox.

CobaltStrike

  • Load CVE-2018-4878.cna

About

Aggressor Script to launch IE driveby for CVE-2018-4878

Topics

windows exploit phishing drive ie cve internet-explorer drive-by-download aggressor-scripts phishing-attacks phish by phishing-sites privesc aggressor aggressor-script stager drive-by cve-2018-4878

Resources

Readme
Activity
Custom properties

Stars

3 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published