Skip to content

Latest commit

 

History

History
30 lines (20 loc) · 1.67 KB

README.md

File metadata and controls

30 lines (20 loc) · 1.67 KB

🇮🇱 #BringThemHome #NeverAgainIsNow 🇮🇱

We demand the safe return of all citizens who have been taken hostage by the terrorist group Hamas. We will not rest until every hostage is released and returns home safely. You can help bring them back home. https://stories.bringthemhomenow.net/

🛡️ CVE-2024-21378

This repository contains an exmple of an exploit for targeting Microsoft Outlook through Exchange Online, leveraging a vulnerability to execute arbitrary code via COM DLLs. The exploit utilizes a modified version of Ruler to send a malicious form as an email, triggering the execution upon user interaction within the Outlook thick client. Exploit Overview

The exploit works by obtaining access tokens via device code phishing/vishing, then crafting a COM compliant DLL that is sent as a form attachment using Ruler. The user interaction within Outlook is required to trigger the form execution, leading to the loading of the malicious DLL into the Outlook process. Instructions

Obtain refresh tokens via device code phishing/vishing.
Compile a COM DLL containing the desired code.
Modify the provided Python script with the target URL, access token, recipient email, DLL path, and CLSID.
Run the Python script to send the malicious form to the target Outlook account.
Wait for the user to interact with the email in the Outlook client to trigger the execution.

Requirements

Python 3.x
Requests library (pip install requests)

Disclaimer

This exploit is for educational purposes only. Misuse of this tool may violate laws and regulations. Use responsibly and only on systems you are authorized to test.