## https://sploitus.com/exploit?id=434CE9B5-0A1A-5AFB-A8A8-4444071152E1
# CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability PoC
## Usage
Ensure you have appropriate permissions and authorization from the target system owner before using this script.
### Prerequisites
- Python 3.x
- `impacket-smbserver`
### Usage Example
```bash
sudo python3 CVE-2024-21413.py
```
## Features
- Email Sending: Utilizes SMTP to send an email with both plain text and HTML parts.
- HTML Templating: Supports reading HTML templates from the Templates folder and replacing
placeholders with actual values.
- Attachment: Automatically creates and attaches an exploit.rtf file to the email.
- Impacket Integration: Optionally starts an Impacket SMB server to capture NTLM hashes for
further analysis.
## Description
This script prompts the user to provide SMTP server details, email credentials, recipient
information, URL, subject, and select an email template from the Templates folder.
Based on the chosen template, the script will prompt for additional input specific to
that template. After gathering the required information, it sends an email with the
specified content and attachments. Additionally, it can start an Impacket SMB server to
capture NTLM hashes for further analysis.
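For defenders, the message described above has traits a mail filter can check: an HTML part carrying a link, an `.rtf` attachment, and a link target that makes the client contact an SMB host. The triage sketch below is an added example, not part of this project's code. It assumes such links appear as `file:` URLs or UNC paths, and the sample message, address and function names are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Assumption: a link that reaches an SMB host is written as a file: URL or a UNC path.
REMOTE_FILE = re.compile(r'^\s*(file:|\\\\)', re.IGNORECASE)

class LinkCollector(HTMLParser):
    """Collects href/src attribute values from an HTML body."""
    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        self.targets += [v for k, v in attrs if k in ("href", "src") and v]

def triage(raw_message):
    """Return remote-file links and RTF attachments found in a raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    found = {"remote_file_links": [], "rtf_attachments": []}
    for part in msg.walk():
        if part.is_multipart():
            continue
        name, ctype = part.get_filename(), part.get_content_type()
        if (name and name.lower().endswith(".rtf")) or ctype in ("application/rtf", "text/rtf"):
            found["rtf_attachments"].append(name or ctype)
        elif ctype == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            found["remote_file_links"] += [t for t in collector.targets if REMOTE_FILE.match(t)]
    # The link is the signal; RTF attachments are reported as supporting context.
    found["suspicious"] = bool(found["remote_file_links"])
    return found

def build_sample(href="file://198.51.100.7/share/notice"):
    """Constructed test message (documentation-range IP), not captured traffic."""
    m = EmailMessage()
    m["Subject"] = "Account notification"
    m.set_content("See the HTML version.")
    m.add_alternative(f'<p><a href="{href}">Review activity</a></p>', subtype="html")
    m.add_attachment(b"{\\rtf1 sample}", maintype="application", subtype="rtf",
                     filename="exploit.rtf")
    return m.as_string()

if __name__ == "__main__":
    print(triage(build_sample()))
```

Pair a content check like this with blocking outbound SMB (TCP 445) at the perimeter, so a link that slips through cannot complete NTLM authentication to an external host.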
## Email Templates
The email templates are stored in the Templates folder. After running the script, you
will be prompted to choose an email template file from this folder. Depending on the
selected template, you will need to provide different inputs.
Available Email Templates:
1. Blocked Account Reset Password Email Template
2. Account Notification Email Template
### Parameters
Based on the selected email template, the following parameters are required:
- `SMTP Server Name:` Hostname or IP of the SMTP server.
- `SMTP Port:` Port number of the SMTP server.
- `Username:` SMTP server username for authentication.
- `Password:` SMTP server password for authentication.
- `Sender Email:` Email address of the sender.
- `Recipient Email:` Email address of the recipient.
- `URL:` URL to include in the email.
- `Subject:` Email subject.
For the "Blocked Account Reset Password Email Template," additional parameters, such as the recipient's first name, are needed.
### Demos
### Executing the Script using Microsoft Suspicious Login Template Email
![Microsoft-1](https://github.com/dshabani96/CVE-2024-21413/assets/107131685/25701e85-a558-4ea9-91bf-48d187608685)
### Executing the Script using Blocked Account Reset Password Template Email
![Microsoft-2](https://github.com/dshabani96/CVE-2024-21413/assets/107131685/0d7641fd-8fdf-4336-945d-fa02bba3d9b8)
## Possible Escalations
You can chain this CVE with CVE-2023-21716 or CVE-2022-30190 to obtain Remote Code Execution (RCE).
## Disclaimer
This tool is intended for educational and ethical testing purposes only. Unauthorized
scanning, testing, or exploiting of systems is illegal and unethical. Ensure you have
explicit, authorized permission to engage in any testing or exploitation activities
against target systems. The script needs to be run as a superuser.
## Author
**Dionis Shabani**
- [LinkedIn](https://www.linkedin.com/in/dionis-s-892220202/)