
CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability PoC


dEEpEst


Description

This script presents a proof of concept (PoC) for CVE-2024-21413, a significant security vulnerability discovered in Microsoft Outlook with a CVSS of 9.8. Termed the #MonikerLink bug, this vulnerability has far-reaching implications, including the potential leakage of local NTLM information and the possibility of remote code execution. Moreover, it highlights an attack vector that could bypass Office Protected View, thereby extending its threat to other Office applications.

Usage

Use this tool responsibly and ensure you have authorization from the target system's owner. This script requires SMTP authentication to send an email, bypassing SPF, DKIM, and DMARC checks, which helps in simulating a real-world attack scenario more effectively.

python CVE-2024-21413.py --server "<SMTP server>" --port <SMTP port> --username "<SMTP username>" --password "<SMTP password>" --sender "<sender email>" --recipient "<recipient email>" --url "<link URL>" --subject "<email subject>"




Parameters:

  • --server: SMTP server hostname or IP.
  • --port: SMTP server port.
  • --username: SMTP server username for authentication.
  • --password: SMTP server password for authentication.
  • --sender: Sender email address.
  • --recipient: Recipient email address.
  • --url: Malicious path to include in the email.
  • --subject: Email subject.



Initial Sending



Display in Outlook (no warnings, no Protected view)



Wireshark capture including NTLM credentials (you can also run impacket, alternatively)



Why SMTP Authentication?

SMTP authentication is crucial for this demonstration to ensure the email sent bypasses common email validation checks such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance). These security measures are designed to detect and prevent email spoofing, where attackers send emails from a forged address. By using authenticated SMTP, the demonstration closely mimics how a sophisticated attacker might circumvent these protections, making the testing environment more realistic and highlighting the importance of comprehensive email security practices.

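For defenders triaging mail in light of the link-based NTLM leak described in the post above, the following added example (not part of the thread or of the PoC script) scans a message's HTML parts for links that point at a file share rather than a web server. The sample message, the host names and the `allowed_hosts` parameter are constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed sample message (not taken from the thread).
SAMPLE = r"""From: sender@example.com
Subject: constructed sample
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="https://example.com/report">web link</a>
<a href="file:///\\198.51.100.7\share\doc.rtf">external share</a>
<a href="\\fs01.corp.example\policies\hr.docx">internal share</a>
<a href="file:///C:/Users/Public/readme.txt">local file</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collect URL-bearing attributes from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        self.links += [v.strip() for k, v in attrs if k in ("href", "src") and v]

def share_host(url):
    """Return the remote host of a file:/UNC link, or None for web and local-drive links."""
    u = unquote(url).strip()
    if not re.match(r"(?:file:|\\\\)", u, re.I):
        return None
    rest = re.sub(r"^file:", "", u, flags=re.I).lstrip("/\\")
    host = re.split(r"[\\/]", rest, maxsplit=1)[0].lower()
    # A first component like "c:" is a local drive path, not a remote host.
    return None if re.fullmatch(r"[a-z]:", host) or host in ("", "localhost") else host

def scan_message(raw, allowed_hosts=()):
    """Return (host, url) for every HTML link to a file share that is not allowlisted."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            for url in collector.links:
                host = share_host(url)
                if host and host not in allowed_hosts:
                    findings.append((host, url))
    return findings
```

A hit is a triage signal rather than proof of exploitation; legitimate internal file servers belong in `allowed_hosts`.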


 
Useful article. As usual, I express respect; do more such useful articles.

 