Taggart: ~# 

I'm once again asking if _anyone_ has seen the PoCs for #CVE202323397 actually work against remote targets.

MDSec demo: local attack
Hammond's demo: local attack
My own testing: local attack

With both flavors of PoC right now, I can only get this thing to trigger on my own machine, but not recipients. The invite is received, but the SMB server is not contacted by the target. I'm wondering if we're missing something here.

#InfoSec #ThreatIntel #CyberSecurity

Mar 17, 2023 at 8:06pmWeb
Show threadTaggart: ~# Mar 17, 2023
UPDATE: I got it working, but not with existing PoCs.
Show threadTaggart: ~# Mar 17, 2023

Here it is, the code that successfully exploited #CVE202323397 remotely.

It turns out that the ReminderOverrideDefault, ReminderPlaySound, and ReminderSoundFile properties are available on straight-up emails, not just cal invites. Tasks also, but mail is easiest.

So load this function, then run the function as shown.

The result is you and the recipient will have hashes disclosed to the remote SMB server.