REM ########################################################
REM #                                                      |
REM # Title        : Defend Yourself From CVE-2023-23397   |
REM # Author       : Aleff                                 |
REM # Version      : 1.0                                   |
REM # Category     : Credentials                           |
REM # Target       : Windows 10/11                         |
REM #                                                      |
REM ########################################################

REM PlugAndPlay <3

REM Requirements:
REM     - ExecutionPolicy Bypass

REM Impacted Products:
REM     - All supported versions of Microsoft Outlook for Windows are affected. Other versions of Microsoft Outlook such as Android, iOS, Mac, as well as Outlook on the web and other M365 services are not affected.

REM Mitigation:
REM     - Block TCP 445/SMB outbound from your network by using a perimeter firewall, a local firewall, and via your VPN settings. This will prevent the sending of NTLM authentication messages to remote file shares.
REM     Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397

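REM --------------------------------------------------------------------
REM What this payload does: opens an elevated PowerShell session and adds
REM a Windows Firewall rule that blocks all outbound TCP 445 (SMB) traffic
REM from this host.
REM
REM Operational notes for whoever deploys it:
REM  - This is a mitigation only. The fix is the Outlook security update
REM    listed in the MSRC advisory for CVE-2023-23397; apply that as well.
REM  - The rule is host-wide and has no address scope, so it also blocks
REM    legitimate SMB (file servers, and on domain-joined machines the
REM    SYSVOL/NETLOGON shares). Where internal SMB is needed, scope the
REM    rule with -RemoteAddress or enforce the block at the perimeter.
REM  - Rollback: Remove-NetFirewallRule -DisplayName "CVE-2023-23397"
REM --------------------------------------------------------------------

REM Give the host time to enumerate the device before sending keystrokes
DELAY 1000

REM Win+X followed by "a" is intended to pick the admin PowerShell /
REM Terminal entry of the power-user menu
GUI x
DELAY 500
STRING a
DELAY 500

REM LEFTARROW + ENTER confirms the UAC prompt. Assumes the logged-in user
REM is a local administrator and UAC shows a consent prompt rather than a
REM credential prompt - confirm for the target build.
LEFTARROW
DELAY 500
ENTER

REM Wait for the elevated window to open and take focus. Without this
REM pause the first typed command can be lost. Tune for slower hosts.
DELAY 2000

REM Import NetSecurity module
STRINGLN Import-Module NetSecurity

REM Drop any earlier copy so re-running the payload does not stack
REM duplicate rules that share the same display name
STRINGLN Remove-NetFirewallRule -DisplayName "CVE-2023-23397" -ErrorAction SilentlyContinue

REM Create a new firewall rule for blocking outgoing connections on port 445
STRINGLN_BLOCK
$rule = New-NetFirewallRule -DisplayName "CVE-2023-23397" `
-Direction Outbound `
-Action Block `
-Protocol TCP `
-RemotePort 445
END_STRINGLN

REM Enable firewall rule. New-NetFirewallRule already creates the rule
REM enabled by default; enabling by display name keeps this step working
REM even if $rule was not populated.
STRINGLN Enable-NetFirewallRule -DisplayName "CVE-2023-23397"
DELAY 500

REM See your new rule. Expect exactly one entry with Enabled True,
REM Direction Outbound and Action Block
STRINGLN Get-NetFirewallRule -DisplayName "CVE-2023-23397" | Format-List DisplayName, Enabled, Direction, Action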