Dark C0d3rs
CVE-2025-24071 - NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File

CVE-2025-24071 - NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File - hashXploiter - 03-21-2025

Windows Explorer automatically initiates an SMB authentication request when a .library-ms file is extracted from a .rar archive, leading to NTLM hash disclosure. The user does not need to open or execute the file—simply extracting it is enough to trigger the leak.

POC:

>>python poc.py

>>enter file name: your file name

>>enter IP: attacker IP
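
Because the leak described in the post happens at extraction time, the useful place to look is inside the archive before it is unpacked. The following is an added example, not part of the original post or its PoC: a heuristic check that lists every `.library-ms` member of a ZIP archive and the remote locations it references. It assumes the library file is XML that stores its location in a `<url>` element; the function names and the sample archive are constructed for illustration, and RAR archives would need a third-party reader.

```python
import io
import re
import zipfile

# A <url> value that names a remote host: UNC (\\host\share) or file://host/, smb://host/.
# Local forms such as knownfolder:{...} or file:///C:/ are not matched.
REMOTE_URL = re.compile(
    rb"<url>\s*(\\\\[^\\\s<][^<]*|(?:file|smb)://[^/<\s][^<]*)\s*</url>",
    re.IGNORECASE,
)

def remote_targets(data: bytes) -> list[str]:
    """Return the remote locations referenced by <url> elements in a library file."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):  # UTF-16 BOM: normalise before matching
        data = data.decode("utf-16", errors="replace").encode("utf-8")
    return [m.group(1).decode("utf-8", "replace").strip()
            for m in REMOTE_URL.finditer(data)]

def scan_zip(blob: bytes) -> dict[str, list[str]]:
    """Map every .library-ms member of a ZIP to the remote targets it references.

    Members with no remote target are still listed (empty list): a library file
    arriving inside an archive from an untrusted source deserves a look either way.
    """
    findings: dict[str, list[str]] = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.filename.lower().endswith(".library-ms"):
                with zf.open(info) as fh:
                    findings[info.filename] = remote_targets(fh.read(1 << 20))  # cap at 1 MiB
    return findings

def sample_zip() -> bytes:
    """Constructed input: XML fragments only; 192.0.2.10 is a documentation address."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/report.library-ms",
                    "<simpleLocation><url>\\\\192.0.2.10\\shared</url></simpleLocation>")
        zf.writestr("docs/local.library-ms",
                    "<simpleLocation><url>knownfolder:{CONSTRUCTED}</url></simpleLocation>")
        zf.writestr("readme.txt", "hello")
    return buf.getvalue()

if __name__ == "__main__":
    for name, targets in scan_zip(sample_zip()).items():
        print(name, "->", targets or "no remote target found")
```

The match is a byte-level heuristic and will miss values hidden behind XML entities or CDATA, so treat an empty result as "nothing obvious" rather than "clean".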