 And now, after this demo of cv2017.199, I'm going to show you how to create such a file with Metasploit. And now, just for the fun of it, I'm going to use Metasploit on Windows. Not on Linux or Khan Linux, but on Windows. So here in the Metasploit folder, I launch the console, which will take some time. OK, so now the console is started. And I'm going to use this exploit module for cv2017.199, made by Nixhawk. So use exploit, Windows, file format, Office, Word, HTA. Now if you don't have that on Metasploit, that's because when I'm using it here, it was not yet merged into Metasploit. So I had to install it and I'm showing that later. So, but that's the exploit. These are the options, a filename and a target URI. So the filename, I'm choosing testRTF and the target URI is on my site.com, test.hta, like this. And then I just run. And now the file has been created here. So I can go here into command prompt and have a look at the file. So it's an RTF file. You can here see object object outlink and also the object update, important. And here object data, you can see actually an OLE file. It's also a very small file. This is the OLE file. And that's it. So we can analyze this with my tools, RTF dump. So it's a very small file, only 14 entities. And this one here has the object data, entity 10. So let's select this, do a hex dump and get the information about the embedded OLE file. And you can see here this Metasploit exploit also uses the OLE 2 link identifier. And it's a dog file. So I can extract this, dump it and then pipe it in OLE dump, like this. I have three streams, three small streams. So select one. And here you can see the target URE in Unicode, http, ddstavens.com, testHDA. And here, this part here, that is URLMonikerGrid. So that is the file. Now this Metasploit exploit, I got it. Here from the GitHub from NixAug, who merged it, who made a pull request for the Metasploit. But it has not yet been merged. So I took the two files here. CVE 2017, 199 RTF in data exploits. And then the Ruby program itself in modules exploit windows file format, Office Word, HDA, the Ruby file. So I downloaded those two files. And then I put them here in the Metasploit folder, in apps pro vendors, here. Bundle, Ruby, 230, gems. And then the Metasploit framework gem here. And so the RTF file, I put that in data exploits. Here you have the RTF file and the module itself, the Ruby program in modules, exploits, windows, file format. And so here, OfficeWordHDA.rb, where you have to put it.