This repository contains an exploit for targeting Microsoft Outlook through Exchange Online, leveraging a vulnerability to execute arbitrary code via COM DLLs. The exploit utilizes a modified version of Ruler to send a malicious form as an email, triggering the execution upon user interaction within the Outlook thick client.

d0rb/CVE-2024-21378

🇮🇱 #BringThemHome #NeverAgainIsNow 🇮🇱

We demand the safe return of all citizens who have been taken hostage by the terrorist group Hamas. We will not rest until every hostage is released and returns home safely. You can help bring them back home. https://stories.bringthemhomenow.net/

🛡️ CVE-2024-21378

This repository contains an example of an exploit targeting Microsoft Outlook through Exchange Online, leveraging a vulnerability to execute arbitrary code via COM DLLs. The exploit uses a modified version of Ruler to send a malicious form as an email, which triggers execution when the user interacts with it in the Outlook thick client.

Exploit Overview

The exploit works by obtaining access tokens via device code phishing/vishing, then crafting a COM-compliant DLL that is sent as a form attachment using Ruler. User interaction within Outlook is required to trigger the form execution, which loads the malicious DLL into the Outlook process.

Instructions

Obtain refresh tokens via device code phishing/vishing.
Compile a COM DLL containing the desired code.
Modify the provided Python script with the target URL, access token, recipient email, DLL path, and CLSID.
Run the Python script to send the malicious form to the target Outlook account.
Wait for the user to interact with the email in the Outlook client to trigger the execution.

Requirements

Python 3.x
Requests library (pip install requests)

Disclaimer

This exploit is for educational purposes only. Misuse of this tool may violate laws and regulations. Use responsibly and only on systems you are authorized to test.
