MSDT asking for passkey #30

Open
prajshete opened this issue Mar 6, 2023 · 6 comments

Comments

@prajshete

After executing the document, the msdt tool is asking for a passkey, which is why the exploit is facing issues getting the desired output. Any workaround?

@hycheng15

Same here. I guess that Microsoft patched the msdt tool?
I use Windows 10 Education 21H2 and Office 2019 Enterprise (ODT).
I want to know if anyone has successfully exploited it.

@cd-regulus

As you say, @meowhua15, Microsoft patched the MSDT tool due to possible malicious usage.
Based on this article I found, it seems that the msdt tool was "removed" after Windows 10 build 1809.
I managed to replicate Follina in a Windows 10 build 1803 with Office Enterprise 2019 and it worked like a charm!
Hope I was useful :)

@ponciste

ponciste commented May 27, 2023

@cd-regulus Hello! I'm having trouble finding an ISO to install Windows 10 build 1803. Would you mind sharing where you found it? I'd love to replicate the Follina exploit, but until now, on both Windows 11 and Windows 10 Home, I was unable to.

@hycheng15

hycheng15 commented May 28, 2023

@ponciste Hi, I successfully replicated the exploit using Windows 10 21H2 build 19044.1288.
I put the ISO file and related Office ODT install configuration in my repo.
Hope it helps!

@standardfxassets4

@meowhua15
Bro you sure you got it fixed?

@ponciste

ponciste commented Jun 7, 2023

@meowhua15 Thank you very much for your reply, it helped!
@standardfxassets4 I was also able to replicate it with Windows 10 build 19044.1288 as @meowhua15 suggested.

Two things to keep in mind:

  1. Virus and Threats real-time protection must be deactivated to replicate the exploit.
  2. Reverse-shell does not work for me.

If anyone has an idea how to bypass the Virus and Threat real-time protection for follina.doc to be opened without triggering Microsoft Defender I would very much appreciate it.
