CVE-2025-50154

This PowerShell script generates a malicious LNK file that triggers NTLMv2-SSP hash disclosure by forcing Windows Explorer to fetch an icon from a remote SMB share. It exploits CVE-2025-50154, a patch bypass for CVE-2025-24054, to leak authentication hashes.

This repository contains a functional PowerShell script that generates a malicious .LNK file to trigger NTLMv2-SSP hash disclosure in Windows File Explorer via SMB. The exploit bypasses a Microsoft patch by using a remote SMB-hosted binary to force icon extraction.

This repository provides a PowerShell script for auditing and hardening NTLM/SMB configurations to mitigate vulnerabilities like CVE-2025-50154. It includes registry checks, firewall rule assessments, and allowlist management for SMB/NTLM traffic.

This repository contains a functional exploit for CVE-2025-50154, targeting a Windows File Explorer vulnerability. The exploit generates a malicious .lnk file and includes functionality to crack NTLM hashes using Hashcat.

This repository contains a Cobalt Strike Aggressor script that weaponizes LNK and Library-MS files to capture NTLMv2-SSP hashes via SMB. It includes a standalone PowerShell script and integrates with Cobalt Strike for red team operations.