New module: drop-library-ms
Description
Simple module to exploit CVE-2025-24071 to get NTLMv2 hash without user action. This module is heavily influenced by other similar modules like drop-sc, slinky and scuffy.
Requested by issue #652
Type of change
- [x] New feature (non-breaking change which adds functionality)
How Has This Been Tested?
Against GOAD, casually opening a folder with a .library-ms file in it.
Screenshots (if appropriate):
Checklist:
- [x] I have run Ruff against my changes (via poetry: `poetry run python -m ruff check . --preview`, use `--fix` to automatically fix what it can)
- [x] I have added or updated the tests/e2e_commands.txt file if necessary
- [x] New and existing e2e tests pass locally with my changes
- [x] My code follows the style guidelines of this project (should be covered by Ruff above)
- [x] I have performed a self-review of my own code
- [x] I have commented my code, particularly in hard-to-understand areas
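For defenders, a check for the file type this module drops, added here as an example and not part of the PR or of NetExec: it walks a mounted share and reports `.library-ms` files whose `<url>` elements name a remote host. It assumes the standard Windows library XML layout (`simpleLocation`/`url`), which this page does not show; the sample document and the function names are constructed.

```python
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed, reduced sample (not a complete library file); 192.0.2.10 is a
# documentation address. The layout is an assumption, not taken from the PR.
SAMPLE_REMOTE = r"""<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
  <searchConnectorDescriptionList><searchConnectorDescription>
    <simpleLocation><url>\\192.0.2.10\share</url></simpleLocation>
  </searchConnectorDescription></searchConnectorDescriptionList>
</libraryDescription>"""
SAMPLE_LOCAL = SAMPLE_REMOTE.replace(r"\\192.0.2.10\share", r"C:\Users\Public\Documents")

# UNC path (\\host\...), or a URL that makes the client contact a remote host.
REMOTE = re.compile(r"^\s*(\\\\[^\\?.]|file://[^/]|https?://)", re.I)

def remote_locations(xml_doc):
    """Return the <url> values naming a remote host, or None if the XML is unparsable."""
    try:
        root = ET.fromstring(xml_doc)
    except ET.ParseError:
        return None  # report separately; an unreadable file is not a clean file
    hits = []
    for el in root.iter():
        # Compare the local tag name so the check works with or without a namespace.
        name = el.tag.rsplit("}", 1)[-1].lower()
        if name == "url" and el.text and REMOTE.match(el.text):
            hits.append(el.text.strip())
    return hits

def scan_share(root_dir):
    """Walk a mounted share; map each suspicious .library-ms path to its findings."""
    findings = {}
    for path in Path(root_dir).rglob("*"):
        if path.suffix.lower() != ".library-ms" or not path.is_file():
            continue
        hits = remote_locations(path.read_bytes())
        if hits is None:
            findings[str(path)] = ["<unparsable XML>"]
        elif hits:
            findings[str(path)] = hits
    return findings

if __name__ == "__main__":
    for path, urls in scan_share(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{path}: {', '.join(urls)}")
```

Run it against the mount point of a writable share; libraries that only reference local folders are not reported.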
Nice stuff, thanks for the PR!
E2E tests all pass locally with the module
It's been a full week since this was requested; any updates? I was hoping this would be in the tree prior to my late June to early July attempt at the CAPE exam; may need to fork the entire project and merge this pull request into the fork if it isn't in the tree by then.
> It's been a full week since this was requested; any updates? I was hoping this would be in the tree prior to my late June to early July attempt at the CAPE exam; may need to fork the entire project and merge this pull request into the fork if it isn't in the tree by then.
Hi and thanks for the interest in the module. However, there are still a ton of other Pull Requests open, waiting for a review. (Un-)Fortunately there are so many great PRs in the last few months that we can't keep up with the rate of new ones coming in. Remember, all of the work on NetExec happens in our free time and I will prioritise bug fixes over new features most of the time.
I will see if I can move it up the priority list, but if we aren't fast enough always feel free to use a forked version.
> It's been a full week since this was requested; any updates? I was hoping this would be in the tree prior to my late June to early July attempt at the CAPE exam; may need to fork the entire project and merge this pull request into the fork if it isn't in the tree by then.

Feel free to just clone and build nxc from my branch for your exam, I try to keep it updated from the main branch so you would also profit from recent fixes. For my part, I'm not in a hurry to get this PR merged, I've done this on a lunch break and it doesn't bring any big feature, just a small addition that I find somewhat cool.
> It's been a full week since this was requested; any updates? I was hoping this would be in the tree prior to my late June to early July attempt at the CAPE exam; may need to fork the entire project and merge this pull request into the fork if it isn't in the tree by then.
you don't have to mess with branches n such.
1- install netexec with pipx
2- wget https://raw.githubusercontent.com/Pennyw0rth/NetExec/02b1361c852bf6ad7037db6bba5b5f564e570572/nxc/modules/drop-library-ms.py -P ~/.local/share/pipx/venvs/netexec/lib/*/site-packages/nxc/modules/
3- done
just mind that copied modules are deleted on every update by pipx upgrade.
Note for future me: we should probably merge all the "drop stuff on share" modules (slinky, scuffy, drop-sc, drop-library-ms) into one, similar to coerce_plus.
@XedSama do you have twitter/linkedin?
> @XedSama do you have twitter/linkedin?
Yep sure, my twitter is @Xed_sama and my LinkedIn is https://www.linkedin.com/in/guillaume-tiger-55a0611a4
> Note for future me: we should probably merge all the "drop stuff on share" modules (slinky, scuffy, drop-sc, drop-library-ms) into one, similar to coerce_plus.

ahaha it's already on the way, just tweaking a couple things. PR incoming soon
> > Note for future me: we should probably merge all the "drop stuff on share" modules (slinky, scuffy, drop-sc, drop-library-ms) into one, similar to coerce_plus.
>
> ahaha it's already on the way, just tweaking a couple things. PR incoming soon
Awesome haha