This Python script is used to abuse the CVE-2024-21413 coined "MonikerLink" TryHackMe Room: MonikerLink
This PoC has been created for a lab environment which means the server needs to be configured in a specific setting (i.e. TLS authentication is not supported for convenience). The actual vulnerability is very real, however, this is provided as a training ground. As this is for a specific lab environment, where the code is kept as basic as possible for a specific audience, I will not be adding features to this. If you are looking for a "more developed" PoC, I recommend checking out Xaitax's.
Due to the above, I will most likely not be accepting PRs. Please feel free to fork and work on your fork, or create a new repo :)
The victim runs a hMailserver with the following inboxes:
The password for the mailboxes are the same as the username i.e. attacker:attacker.
-
You will need to edit your hosts file to have the machine in your hosts file
IPADDRESS monikerlink.thm
-
You need to setup a responder on the interface
responder -I eth0
Alternatively, you can start an impacket server:
impacket-smbserver -smb2support -ip 0.0.0.0 test /tmp
I have uploaded the machine that runs the mail sever and Outlook client as an OVA. I will not guarantee its availability as I soon expect to have a room on TryHackMe for this. You can download it here. You will most likely need to re-arm Office. You will have to google the instructions:)
If you use this, please just attribute that you sourced it from this repo, or, see the "Attribution" heading at the end of this README.
Additionally, I will not be offering support for this. If you want to try this online, please see my room on TryHackMe
CVE-2024-21413
SHA256 01458DF6AC15F647BD901C0B39638CE9040E982DA2EE71737F330F392D7E867D
tryhackme : Kkh3gv439dnq!
administrator : D4nnyphant0m!
A Yara rule has been created by Florian Roth to detect emails containing the file:\\ element.
Microsoft has released updates for Microsoft Office.
If you download and use the lab/OVA attached to this OVA please just attribute me (CMNatic) and this repository (https://github.com/CMNatic/CVE-2024-21413). Feel free to use the lab as you please (i.e. courses, education, training, practice, etc) but remember that I do not guarantee its availability, nor will I offer any support.
If you are using the exploit/PoC, you must adhere to the "Disclaimer" below. Please don't be silly...only run this on systems that you own or have explicit permission (in writing) to test.
This repo is intended for educational and ethical testing purposes only. Unauthorized scanning, testing, or exploiting of systems is illegal and unethical. Ensure you have explicit, authorized permission to engage in any testing or exploitation activities against target systems.