
Day 20 – Starting to feel a little more human again now as the cold/flu seems to be shifting!
In today’s room we learn about the Moniker Link CVE (CVE-2024-21413), which was an issue for Outlook back in February of 2024.
In this room we are tasked with updating a PoC for CVE-2024-21413 and using Responder via the attack box to capture the netNTLMv2 hash, which is issued when the link is clicked in Outlook on the victim box.
This is a quick room, but it goes over quite a bit about how the link is abused via the file:// link and how this was circumvented by adding “!” into the link e.g –

Updating POC with attack box IP and victim’s IP –

POC Sent to victim via the exploit created via POC –

Victim clicks link in Outlook –

Responder catches the netNTLMv2 hash –

Game over!
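
From the defender's side, the file:// plus “!” link pattern described above can be flagged in HTML mail bodies before a user clicks. This is an added example, not code from the room or the PoC; the function names and the sample body (documentation address 192.0.2.10, made-up file names) are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# file: scheme, any mix of slashes/backslashes, then a host and the remainder
_FILE_URL = re.compile(r"^\s*file:[/\\]*(?P<host>[^/\\!]+)(?P<rest>.*)$", re.I | re.S)


class _HrefCollector(HTMLParser):
    """Collects the href of every <a> tag in a message body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def classify_href(href):
    """Return 'moniker' for file: plus '!', 'file' for a plain file: link, else None."""
    m = _FILE_URL.match(unquote(href))  # undo %21 / %5C style encoding first
    if not m:
        return None
    return "moniker" if "!" in m.group("rest") else "file"


def scan_html(body):
    """Return (href, verdict) for each file: link found in an HTML mail body."""
    collector = _HrefCollector()
    collector.feed(body)
    results = []
    for href in collector.hrefs:
        verdict = classify_href(href)
        if verdict:
            results.append((href, verdict))
    return results


# Constructed sample body; hosts and file names are placeholders.
SAMPLE = (
    '<p><a href="https://example.com/report">report</a></p>'
    '<p><a href="file:///\\\\192.0.2.10\\share\\notes.rtf">plain</a></p>'
    '<p><a href="file:///\\\\192.0.2.10\\share\\notes.rtf%21anything">bang</a></p>'
)

if __name__ == "__main__":
    for href, verdict in scan_html(SAMPLE):
        print(f"{verdict:8} {href}")
```

Any file: link in inbound mail is worth a second look; the "moniker" verdict marks the ones that also carry the “!” covered in the room.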


Until next time, don’t sleepwalk through life!

Jan mayampitaki
