## https://sploitus.com/exploit?id=434CE9B5-0A1A-5AFB-A8A8-4444071152E1
# CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability PoC

## 🚀 Usage

Ensure you have appropriate permissions and authorization from the target system owner before using this script.

### Prerequisites

- Python 3.x
- `impacket-smbserver` 

### Usage Example

```bash
sudo python3 CVE-2024-21413.py
```

## ๐Ÿ› ๏ธ Features
- Email Sending: Utilizes SMTP to send an email with both plain text and HTML parts.
- HTML Templating: Supports reading HTML templates from the Templates folder and replacing 
placeholders with actual values.
- Attachment: Automatically creates and attaches an exploit.rtf file to the email.
- Impacket Integration: Optionally starts an Impacket SMB server to capture NTLM hashes for 
further analysis.

## 📜 Description
This script prompts the user to provide SMTP server details, email credentials, recipient 
information, URL, subject, and select an email template from the Templates folder. 
Based on the chosen template, the script will prompt for additional input specific to 
that template. After gathering the required information, it sends an email with the 
specified content and attachments. Additionally, it can start an Impacket SMB server to 
capture NTLM hashes for further analysis.
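
For triage on the receiving side, this added example (not part of the original repository) parses a message and flags links in its HTML parts that point at a remote file share, the kind of link that can cause the client to authenticate over SMB to a listener such as the capture server described above. The function names, the sample message and the `example.invalid` hosts are assumptions constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []  # every href/src value seen in the HTML body

    def handle_starttag(self, tag, attrs):
        self.links += [v.strip() for k, v in attrs if k in ("href", "src") and v]

def remote_file_host(link):
    """Return the remote host for a file: URL or UNC path, else None."""
    path = link.replace("\\", "/")
    if path.lower().startswith("file:"):
        path = path[5:]
    elif not link.startswith("\\\\"):
        return None  # http(s), mailto, relative links and so on
    host = path.lstrip("/").split("/", 1)[0]
    is_local_drive = len(host) == 2 and host[1] == ":"  # e.g. file:///C:/...
    return host if host and not is_local_drive else None

def find_remote_file_links(raw_message):
    """Return (link, host) for each remote file link in the HTML parts."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            hits += [(l, h) for l in collector.links if (h := remote_file_host(l))]
    return hits

# Constructed sample message (not captured traffic); hosts are placeholders.
SAMPLE = b"""\
Subject: Account notification
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain

Please review your account.
--b1
Content-Type: text/html

<a href="https://portal.example.invalid/login">Portal</a> <a href="file://files.example.invalid/share/notice.rtf">Notice</a>
--b1--
"""
print(find_remote_file_links(SAMPLE))
```

A hit whose host is outside the organisation's own file servers is worth quarantining and correlating with outbound TCP 445 connections from the recipient's workstation.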

## 📧 Email Templates
The email templates are stored in the Templates folder. After running the script, you 
will be prompted to choose an email template file from this folder. Depending on the 
selected template, you will need to provide different inputs.

Available Email Templates:

1. Blocked Account Reset Password Email Template
2. Account Notification Email Template

### Parameters
Based on the selected email template, the following parameters are required:

- `SMTP Server Name:` Hostname or IP of the SMTP server.
- `SMTP Port:` Port number of the SMTP server.
- `Username:` SMTP server username for authentication.
- `Password:` SMTP server password for authentication.
- `Sender Email:` Email address of the sender.
- `Recipient Email:` Email address of the recipient.
- `URL:` URL to include in the email.
- `Subject:` Email subject.

For the "Blocked Account Reset Password Email Template," additional parameters, such as the recipient's first name, are needed.

### Demos

### Executing the Script using Microsoft Suspicious Login Template Email

![Microsoft-1](https://github.com/dshabani96/CVE-2024-21413/assets/107131685/25701e85-a558-4ea9-91bf-48d187608685)

### Executing the Script using Blocked Account Reset Password Template Email

![Microsoft-2](https://github.com/dshabani96/CVE-2024-21413/assets/107131685/0d7641fd-8fdf-4336-945d-fa02bba3d9b8)

## Possible Escalations

You can chain this CVE with CVE-2023-21716 or CVE-2022-30190 to obtain Remote Code Execution (RCE).

## โš ๏ธ Disclaimer
This tool is intended for educational and ethical testing purposes only. Unauthorized 
scanning, testing, or exploiting of systems is illegal and unethical. Ensure you have 
explicit, authorized permission to engage in any testing or exploitation activities 
against target systems. The script needs to be run as a superuser.

## 📌 Author

**Dionis Shabani**

- [LinkedIn](https://www.linkedin.com/in/dionis-s-892220202/)