Possibly Related Threads…

caca28sapo1 · Apr 10, 2025, 07:51 PM

Windows Explorer automatically initiates an SMB authentication request when a .library-ms file is extracted from a .rar archive, leading to NTLM hash disclosure. The user does not need to open or execute the file—simply extracting it is enough to trigger the leak.

usage:

>>python poc.py

>>enter file name: your file name

>>enter IP: attacker IP

Link:

Hidden Content

You must register or login to view this content.

qian30090 · Apr 11, 2025, 01:52 AM

Thanks, this worked for me

krypt0n1337 · Apr 11, 2025, 03:25 AM

nice mind blowing content from u brother

oralnephew · Apr 11, 2025, 07:44 AM

Thanks, will give this a try!
If I end up writing anything myself I will create a new thread and credit you.

tr1nit1s · Apr 11, 2025, 07:47 AM

Thank you! I will give it a try

grainchord · Apr 11, 2025, 08:13 AM

Thanks for sharing, not seen this one before

taw27409 · Apr 11, 2025, 09:22 AM

Thank you for poc

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | https://breachforums.rs/Forum-Ban-Appeals if you feel this is incorrect.

wut · Apr 11, 2025, 09:59 AM

Thanks for sharing, lemme check

ACT111 · Apr 11, 2025, 12:47 PM

Thank you very much. I really need this.

shodanuser · Apr 11, 2025, 03:39 PM

I don’t know abt that

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	{SECRET} DATABASE OF EXPLOITS	lulagain	440	27,670	May 07, 2026, 09:44 PM Last Post: caribou
	Dokan Pro Unauthenticated SQL Injection POC \| CVSS 10	Loki	44	4,045	May 07, 2026, 04:45 PM Last Post: Insulina
	[POC] Google OAuth "MultiLogin" endpoint 0-day	Farfallaiero	108	14,110	May 06, 2026, 05:42 PM Last Post: nobcoderfck
	Ban Any Discord Exploit	phineasfisherman	7	541	May 06, 2026, 10:16 AM Last Post: sniperx86
	New Zer0 Day Wordpress	A3g00n	81	3,596	May 05, 2026, 03:06 AM Last Post: DirtyEra