- Цена
- 5000$
- Контакты
- https://t.me/FortiGuard_Ops
Critical vulnerability in Windows allows an NTLM hash leak via automatic file handling when simply opening a folder or network share (0-click). This vulnerability is a 0-click version of a known flaw that required file extraction from an archive in its original exploit.
No user interaction required Automatic NTLMv2 hash leak when opening a folder or network share Not blocked by traditional security measures Works without extracting files Ideal for mass exploitation
Example of Usage
Step 1: DeliveryAn attacker can place a file in a network folder or shared resource. The file can be easily delivered to the system and hidden from the user. The vulnerability is triggered simply by opening the folder or network resource where the file is located, with no need to extract or run it.
Step 2: Execution- No user interaction required: When opening the folder or network share with the file, NTLM hash information is automatically sent to the attacker’s server.
- NTLM hash leak: All of this happens in the background without the user’s knowledge, allowing the attacker to collect system credentials.
Step 3: Further Exploitation- Use NTLM hashes to gain further access to internal systems or launch attacks against other resources
- Access to internal data and escalate privileges within the corporate network
- Lateral movement across the network without triggering traditional defense mechanisms
CVSS v3.1: 7.5 (High)
Attack Vector: Local (AV:L)
Exploit Complexity: Low (AC:L)
Privileges Required: None (PR:N)
User Interaction: None (UI:N)
Impact: Credential leak (C:H/I:H/A:H)
The 0-click version allows attackers to automatically extract NTLM hashes when opening a folder or network resource, providing a stealthy and efficient method for collecting credentials without user interaction.
Последнее редактирование модератором:
