Possibly Related Threads…

caca28sapo1 · 04-10-2025, 07:51 PM

Windows Explorer automatically initiates an SMB authentication request when a .library-ms file is extracted from a .rar archive, leading to NTLM hash disclosure. The user does not need to open or execute the file—simply extracting it is enough to trigger the leak.

usage:

>>python poc.py

>>enter file name: your file name

>>enter IP: attacker IP

Link:

Hidden Content

You must register or login to view this content.

qian30090 · 04-11-2025, 01:52 AM

Thanks, this worked for me

krypt0n1337 · 04-11-2025, 03:25 AM

nice mind blowing content from u brother

oralnephew · 04-11-2025, 07:44 AM

Thanks, will give this a try!
If I end up writing anything myself I will create a new thread and credit you.

tr1nit1s · 04-11-2025, 07:47 AM

Thank you! I will give it a try

grainchord · 04-11-2025, 08:13 AM

Thanks for sharing, not seen this one before

taw27409 · 04-11-2025, 09:22 AM

Thank you for poc

wut · 04-11-2025, 09:59 AM

Thanks for sharing, lemme check

ACT111 · 04-11-2025, 12:47 PM

Thank you very much. I really need this.

shodanuser · 04-11-2025, 03:39 PM

I don’t know abt that

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	new wordpress website takeover vuln (video + poc )	zinzeur	313	27,277	03-28-2026, 02:43 AM Last Post: toshi99
	[POC] Google OAuth "MultiLogin" endpoint 0-day	Farfallaiero	106	13,201	02-10-2026, 03:34 PM Last Post: birhikayemvar
	Cool Remote Patching ETW/Amsi PoC	pepeloco	6	2,092	02-08-2026, 07:58 AM Last Post: zeroday99
	CVE-2025-40554 - SolarWinds Web Help Desk Auth Bypass & RCE PoC	miyako	3	73	02-07-2026, 03:32 PM Last Post: cysc
	HPE OneView RCE Exploit [CVE-2025-37164]	Hawx01	8	261	02-06-2026, 07:08 PM Last Post: hacker0123