A quick down and dirty demo using John Hammonds PoC code.
Lets grab the Folliina PoC from John Hammond found above, you will also see a handful of example usage however I just went with the below example for testing purposes, which grabs a reverse shell.
So lets run the below which will download an NC binary onto the victims systems and connect back on the specified port, this time its port 80.
As you can see the follina.doc is created ready to be ran on the victims system. It also sets up a listener for reverse shell.
We can then copy over the malicious payload.
And run it.
Note that there is no prompt for enabling Macros, once the file is opened we should receive our connection back on the attacker system.
And there we have it our reverse shell, very simply and dangerous attack path