Skip to content

Latest commit

 

History

History
82 lines (57 loc) · 3.11 KB

README.md

File metadata and controls

82 lines (57 loc) · 3.11 KB

CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability PoC

🚀 Usage

Ensure you have appropriate permissions and authorization from the target system owner before using this script.

Prerequisites

  • Python 3.x
  • impacket-smbserver

Usage Example

sudo python3 CVE-2024-21413.py

🛠️ Features

  • Email Sending: Utilizes SMTP to send an email with both plain text and HTML parts.
  • HTML Templating: Supports reading HTML templates from the Templates folder and replacing placeholders with actual values.
  • Attachment: Automatically creates and attaches an exploit.rtf file to the email.
  • Impacket Integration: Optionally starts an Impacket SMB server to capture NTLM hashes for further analysis.

📜 Description

This script prompts the user to provide SMTP server details, email credentials, recipient information, URL, subject, and select an email template from the Templates folder. Based on the chosen template, the script will prompt for additional input specific to that template. After gathering the required information, it sends an email with the specified content and attachments. Additionally, it can start an Impacket SMB server to capture NTLM hashes for further analysis.

📧 Email Templates

The email templates are stored in the Templates folder. After running the script, you will be prompted to choose an email template file from this folder. Depending on the selected template, you will need to provide different inputs.

Available Email Templates:

  1. Blocked Account Reset Password Email Template
  2. Account Notification Email Template

Parameters

Based on the selected email template, the following parameters are required:

  • SMTP Server Name: Hostname or IP of the SMTP server.
  • SMTP Port: Port number of the SMTP server.
  • Username: SMTP server username for authentication.
  • Password: SMTP server password for authentication.
  • Sender Email: Email address of the sender.
  • Recipient Email: Email address of the recipient.
  • URL: URL to include in the email.
  • Subject: Email subject.

For the "Blocked Account Reset Password Email Template," additional parameters like recipient's first name is needed.

Demos

Executing the Script using Microsoft Suspicious Login Template Email

Microsoft-1

Executing the Script using Blocked Account Reset Password Template Email

Microsoft-2

Possible Escalations

You can chain this CVE with CVE-2023-21716 or CVE-2022-30190 to obtain Remote Code Execution (RCE).

⚠️ Disclaimer

This tool is intended for educational and ethical testing purposes only. Unauthorized scanning, testing, or exploiting of systems is illegal and unethical. Ensure you have explicit, authorized permission to engage in any testing or exploitation activities against target systems. The script needs to be run as a superuser.

📌 Author

Dionis Shabani