init Lets try to exploit the yet-another-windows-vulnerability known as CVE-2023-38146 aka ThemeBleed. To do that we need to create the theme file which will consist of “path” from where the payloads will be delivered.
Please note that as per my testing, the command execution only happens if both the SMB server and the theme file is in the same machine. Pulling dll(s) from remote system appears not to work.
In the attacker machine, you will need to disable the SMB by disabling the Server service from the services.
rezaur rahman
just thinking out loud to help others
cybersecurity researcher
Mars