Hello aspiring hackers. Today we are going to learn about a remote code execution exploit in Microsoft Windows. It's called the Microsoft Windows Lnk CVE_2017_8464_lnk_rce exploit. We have seen LNK vulnerabilities in Microsoft Windows before, but this one is special. You know why? The victim need not even click on the file we create as part of this exploit. We can host the file on a web server and direct the victim to that site, or we can save it to a USB drive and insert it into the target's system. Both require a bit of social engineering.
This exploit works due to a vulnerability in Microsoft Windows that allows remote code execution when the icon of a specially crafted shortcut is merely displayed; no click on the shortcut is needed. An attacker who successfully exploits this vulnerability gains the same user rights as the local user, so the blast radius depends on whether that user is an administrator. Let us see how this exploit works.
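Because the bug fires as soon as the icon is rendered, the safe way to inspect a suspicious shortcut is to read its fields with a parser rather than opening the folder in Explorer. The following Python script is an added defensive example, not code from the original post or from the Metasploit module it describes: it walks the fixed parts of the MS-SHLLINK layout (ShellLinkHeader, LinkTargetIDList, LinkInfo, then the StringData fields in their fixed order) and reports the icon location, arguments and ShowCommand. The triage heuristics in `triage()` are my own assumptions rather than anything the post states, and the sample shortcut bytes are constructed inline by `sample_lnk()` so the script runs offline.

```python
import struct
import sys

# CLSID 00021401-0000-0000-C000-000000000046 as it is laid out on disk in a .lnk header
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

LINK_FLAGS = {
    0x01: "HasLinkTargetIDList",
    0x02: "HasLinkInfo",
    0x04: "HasName",
    0x08: "HasRelativePath",
    0x10: "HasWorkingDir",
    0x20: "HasArguments",
    0x40: "HasIconLocation",
    0x80: "IsUnicode",
}

# StringData fields follow LinkInfo in this fixed order: (flag bit, field name)
STRING_FIELDS = [
    (0x04, "name"),
    (0x08, "relative_path"),
    (0x10, "working_dir"),
    (0x20, "arguments"),
    (0x40, "icon_location"),
]


def parse_lnk(data: bytes) -> dict:
    """Extract header flags, icon index, ShowCommand and StringData without rendering anything."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link: bad HeaderSize")
    if data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link: bad LinkCLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    icon_index = struct.unpack_from("<i", data, 56)[0]
    show_command = struct.unpack_from("<I", data, 60)[0]

    off = 76  # end of the fixed-size ShellLinkHeader
    if flags & 0x01:  # LinkTargetIDList: 2-byte IDListSize followed by the IDList itself
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & 0x02:  # LinkInfo: its leading 4-byte LinkInfoSize covers the whole structure
        off += struct.unpack_from("<I", data, off)[0]

    is_unicode = bool(flags & 0x80)
    strings = {}
    for bit, field in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, off)[0]  # character count, no terminator
        off += 2
        if is_unicode:
            strings[field] = data[off:off + 2 * count].decode("utf-16-le")
            off += 2 * count
        else:
            # ANSI strings use the system code page; decoding as latin-1 is an assumption
            strings[field] = data[off:off + count].decode("latin-1")
            off += count

    return {
        "flags": [name for bit, name in LINK_FLAGS.items() if flags & bit],
        "icon_index": icon_index,
        "show_command": show_command,
        "strings": strings,
    }


def triage(info: dict) -> list:
    """Heuristic findings (my own, not from the post) that merit a closer look before use."""
    findings = []
    icon = info["strings"].get("icon_location", "")
    if icon.startswith("\\\\"):
        findings.append("icon location is a UNC path: rendering the icon contacts a remote host")
    if "arguments" in info["strings"]:
        findings.append("shortcut passes arguments to its target: " + info["strings"]["arguments"])
    if info["show_command"] == 7:  # SW_SHOWMINNOACTIVE: target starts minimized, without focus
        findings.append("ShowCommand starts the target minimized and unfocused")
    return findings


def sample_lnk(icon_location: str, arguments: str = "") -> bytes:
    """Constructed test fixture: a minimal Unicode .lnk carrying only StringData, no IDList."""
    flags = 0x80 | 0x40 | (0x20 if arguments else 0)
    header = struct.pack("<I", 0x4C) + LNK_CLSID + struct.pack("<I", flags)
    header += struct.pack("<I", 0) + b"\x00" * 24   # FileAttributes, three zero FILETIMEs
    header += struct.pack("<IiI", 0, 0, 1)          # FileSize, IconIndex, SW_SHOWNORMAL
    header += struct.pack("<HHII", 0, 0, 0, 0)      # HotKey, Reserved1, Reserved2, Reserved3
    body = b""
    if arguments:
        body += struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")
    body += struct.pack("<H", len(icon_location)) + icon_location.encode("utf-16-le")
    return header + body


if __name__ == "__main__":
    # Usage: python lnk_triage.py file1.lnk file2.lnk ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            info = parse_lnk(fh.read())
        print(path, info["strings"], triage(info))
```

The parser deliberately stops at the StringData fields; the ExtraData blocks that follow are where richer structures live and a full forensic tool would decode those too, but the fields above already tell you where the icon is fetched from and whether the shortcut launches its target with arguments, which is usually enough to decide whether a file pulled from a USB stick deserves further analysis on an isolated machine.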
Load the exploit as shown below and check the options it requires using the “show options” command.
Type the command “info” to see more information about the module.
Set the windows/meterpreter/reverse_tcp payload and configure its options as shown below.
Set the LHOST option and run the exploit. It will create a file in the folder shown below.
Now deliver the file to the victim using one of the methods discussed above. Once the shortcut's icon is rendered on the target, we get a meterpreter session as shown below.
If the exploit appears to be interrupted as shown below, type the command “sessions -l” to list the available meterpreter sessions.