NetExec icon indicating copy to clipboard operation
NetExec copied to clipboard
verified publisher icon Pennyw0rth

Module request: drop_library

Open kennystrawnmusic opened this issue 9 months ago • 2 comments

Please Describe The Problem To Be Solved CVE-2025-24054 is a vulnerability that allows, in a fashion very similar to several other methods already covered by the scuffy, slinky, and drop-sc modules, NetNTLMv2 hash exfiltration via write access to SMB shares. However, this requires manual exploitation at the moment. Therefore, it would be very helpful to have an analogous module to go along with the other three that already drop .scf, .lnk, and .searchconnector-ms files, respectively, to drop .library-ms files that achieve the same result.

kennystrawnmusic avatar Apr 20 '25 22:04 kennystrawnmusic

Definitely something nice to have! Thanks for the idea

NeffIsBack avatar Apr 22 '25 22:04 NeffIsBack

I'm working on a module implementing the attack, heavily influenced by the code of drop_sc, slinky and others. The code is quite basic but currently I can't get any hashs from this method (I working with a basic GOAD environment, without recent update).

EDIT : It work now, I just missed some typo in the payload. I'll create a PR soon

XedSama avatar Apr 24 '25 11:04 XedSama