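Related vulnerability
Title:
Microsoft OLE Resource Management Error Vulnerability
(CVE-2025-21298)
Description: Microsoft OLE is an object-oriented technology from Microsoft (USA). Microsoft OLE contains a resource management error vulnerability. An attacker can exploit this vulnerability to execute code remotely. The following products and versions are affected: Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022 (Server Core installation), Windows 10 Version 21H2 for 32-bit Systems, Wi
Description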
A safe CTF challenge demonstrating CVE-2025-21298 using RTF and OLE objects.
Introduction
# RTF CTF Challenge - CVE-2025-21298 (Safe Demo)
This repository contains a **safe** Capture The Flag (CTF) challenge designed to demonstrate the concept of **RTF-based OLE exploits** (similar to CVE-2025-21298) **without any real malicious payload**.
## 🔍 Challenge Objective
Your goal is to extract and analyze an **RTF file** to uncover a hidden **flag** inside an embedded OLE object.
## 🔍 How to Solve the Challenge
After players receive safe_exploit.rtf, they can extract the OLE object using:

Python 3 (for running oletools)

1. oletools (for analyzing RTF files)
🔹 A Python toolset to inspect OLE objects in RTF and Office documents.
🔹 Install it via pip:
```bash
pip install oletools
```
or

2. rtfobj (from oletools)
🔹 Extracts and inspects OLE objects embedded inside RTF files.
🔹 Usage:
```bash
rtfobj ctf_cve_2025_21298.rtf
```
```bash
rtfobj safe_exploit.rtf
```
The extracted data will reveal:
```
FLAG{SAFE_...}
```
This simulates how real-world CVE exploits hide payloads in OLE objects inside RTF files.
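
For analysts who want to see what the extraction step involves, the following added example (not part of this repository and not oletools code) pulls the hex-encoded `\objdata` out of an RTF document with the standard library only and lists the readable strings in it. The sample document, the `DEMO{...}` marker and all function names are constructed for illustration, and the sample stores raw marker bytes rather than a complete OLE object.

```python
import re

# Constructed sample (not the challenge file): one embedded object whose
# \objdata hex decodes to a harmless marker string.
_MARKER = b"DEMO{constructed_marker}"
_HEX = _MARKER.hex()
SAMPLE_RTF = (
    "{\\rtf1\\ansi Some visible text.\n"
    "{\\object\\objemb{\\*\\objclass Package}"
    "{\\*\\objdata " + _HEX[:20] + "\r\n" + _HEX[20:] + "}}\n"
    "}"
)

# Everything after \objdata up to the next brace or control word.
OBJDATA = re.compile(r"\\objdata\b([^{}\\]*)")
PRINTABLE = re.compile(rb"[\x20-\x7e]{6,}")


def extract_objdata(rtf_text):
    """Return the decoded bytes of every \\objdata destination."""
    blobs = []
    for match in OBJDATA.finditer(rtf_text):
        # Hex digits may be split by spaces and line breaks; drop the rest.
        hex_digits = re.sub(r"[^0-9A-Fa-f]", "", match.group(1))
        if len(hex_digits) % 2:  # odd length: ignore the dangling nibble
            hex_digits = hex_digits[:-1]
        blobs.append(bytes.fromhex(hex_digits))
    return blobs


def printable_strings(blob):
    """Like `strings`: printable ASCII runs of 6+ bytes inside the blob."""
    return [s.decode("ascii") for s in PRINTABLE.findall(blob)]


def triage(rtf_text):
    """Summarise each embedded object: index, size and readable strings."""
    return [
        {"index": i, "size": len(b), "strings": printable_strings(b)}
        for i, b in enumerate(extract_objdata(rtf_text))
    ]


if __name__ == "__main__":
    for entry in triage(SAMPLE_RTF):
        print(entry)
```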
File snapshot
[4.0K] /data/pocs/872bc27714589ee2c063a2bfad7908c611a13bb3
├── [ 159] ctf_cve_2025_21298.rtf
└── [1.0K] README.md
0 directories, 2 files