0x6rss/CVE-2025-24071_PoC

CVE-2025-24071_PoC

CVE-2025-24071: NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File

Windows Explorer automatically initiates an SMB authentication request when a .library-ms file is extracted from a .rar archive, leading to NTLM hash disclosure. The user does not need to open or execute the file—simply extracting it is enough to trigger the leak.
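A defensive check for the behaviour described above, added here as an example and not part of this repository's poc.py: it lists `.library-ms` members of a ZIP archive that reference a UNC host, so the archive can be reviewed before it is extracted. It assumes the remote server appears in the file as a `\\host\share` path and covers ZIP only (the Python standard library has no RAR reader); `scan_zip`, `build_sample` and the sample contents are constructed for illustration.

```python
import io
import re
import zipfile

# Assumption: the remote SMB server appears in the file as a UNC path (\\host\...).
UNC_HOST = re.compile(r'\\\\([^\\/\s<>"]+)')
MAX_BYTES = 1_000_000  # library files are small; do not inflate anything larger


def decode(raw: bytes) -> str:
    """Decode member bytes, honouring a UTF-16 byte-order mark if present."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8", errors="replace")


def scan_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (member, finding) pairs for .library-ms members that need review."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Extension match is case-insensitive and applies to nested paths too.
            if not info.filename.lower().endswith(".library-ms"):
                continue
            if info.file_size > MAX_BYTES:
                findings.append((info.filename, "oversized"))
                continue
            hosts = sorted(set(UNC_HOST.findall(decode(zf.read(info)))))
            findings.extend((info.filename, f"unc:{h}") for h in hosts)
    return findings


def build_sample() -> bytes:
    """Constructed sample archive; 192.0.2.10 is a documentation-only address."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", r"see \\fileserver\docs")  # not a library file
        zf.writestr("local.library-ms", r"<url>C:\Users\Public\Documents</url>")
        zf.writestr("docs/Report.LIBRARY-MS", r"<url>\\192.0.2.10\shared</url>")
        zf.writestr("wide.library-ms",
                    "<url>\\\\files.example\\s</url>".encode("utf-16"))
    return buf.getvalue()


if __name__ == "__main__":
    for member, finding in scan_zip(build_sample()):
        print(f"{member}: {finding}")
```

A mail gateway or download handler can call `scan_zip` on the raw archive bytes and quarantine the file when the returned list is not empty.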

blog post:

https://cti.monster/blog/2025/03/18/CVE-2025-24071.html

usage

>>python poc.py

>>enter file name: your file name

>>enter IP: attacker IP

video

poc.mp4

update:

Update: Microsoft has changed its CVE number. The CVE number previously defined by Microsoft, CVE-2025-24071, has been updated to CVE-2025-24054.🤷‍♂️
