Possibly Related Threads…

caca28sapo1 · 04-10-2025, 07:51 PM

Windows Explorer automatically initiates an SMB authentication request when a .library-ms file is extracted from a .rar archive, leading to NTLM hash disclosure. The user does not need to open or execute the file—simply extracting it is enough to trigger the leak.

usage:

>>python poc.py

>>enter file name: your file name

>>enter IP: attacker IP

Link:

Hidden Content

You must register or login to view this content.

qian30090 · 04-11-2025, 01:52 AM

Thanks, this worked for me

krypt0n1337 · 04-11-2025, 03:25 AM

nice mind blowing content from u brother

oralnephew · 04-11-2025, 07:44 AM

Thanks, will give this a try!
If I end up writing anything myself I will create a new thread and credit you.

tr1nit1s · 04-11-2025, 07:47 AM

Thank you! I will give it a try

grainchord · 04-11-2025, 08:13 AM

Thanks for sharing, not seen this one before

taw27409 · 04-11-2025, 09:22 AM

Thank you for poc

wut · 04-11-2025, 09:59 AM

Thanks for sharing, lemme check

ACT111 · 04-11-2025, 12:47 PM

Thank you very much. I really need this.

shodanuser · 04-11-2025, 03:39 PM

I don’t know abt that

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	CVE-2025-29927 - POC	loganpaul09	26	1,175	08-06-2025, 01:12 PM Last Post: Fuc0
	Nginx RCE - 2025 - March	loganpaul09	5	441	08-04-2025, 01:58 AM Last Post: CLOBELSECTEAM
	CVE-2025-47812 - Wing FTP Server Remote Code Execution (RCE)	thermos	7	364	08-03-2025, 08:21 PM Last Post: handsomexxxxxy
	!Next.js Middleware Bypass (CVE-2025-29927)	Rat1337	16	747	08-03-2025, 11:17 AM Last Post: icebear223
	CVE-2025-53770 - Microsoft Sharepoint Unauthenticated RCE	antisocial	1	178	07-28-2025, 10:50 AM Last Post: Krypt3d4ng3l