CVE-2021-26855 SSRF Exchange Server

Overview

CVE-2021-26855 Brute Force EMail Exchange Server

Timeline:

Monday, March 8, 2021: Update: dumping content... (I'm not done, can you guys help me finish this code ;-;)

Tuesday, March 9, 2021: Remade into a simple check for valid mail

Wednesday, March 10, 2021: Maybe I'm done with this script; now I'm waiting for the true CVE pre-auth RCE

Sometimes the domain TLD extracted from a server is wrong.
Download a users.txt list from GitHub, or find one with the Google dork: intext:'@domain.ltd'

Shodan


https://beta.shodan.io/search?query=http.component%3A%22outlook+web+app%22
https://beta.shodan.io/search?query=http.html%3A%22%2Fowa%22

Fofa


https://fofa.so/result?q=title%3D%22Outlook+Web+App%22
https://fofa.so/result?q=%22%2Fowa%22&qbase64=Ii9vd2Ei
https://gist.githubusercontent.com/pikpikcu/fb604e01a7555adb1577a2fbc856022d/raw/ef3025f809c6ca87d22f01914b230d35f39c0ac2/fofa%2520dork-CVE-2021-26855.md

Zoomeye


https://www.zoomeye.org/searchResult?q=%2Fowa

Comments
  • IndexError: list index out of range


    msExchEcpCanary = ct.headers['set-cookie'].split("msExchEcpCanary=")[1].split(";")[0]
    IndexError: list index out of range

    Does it mean the target is not vuln, or is it my fault?

    opened by saeidshirazi 13
  • TypeError: a bytes-like object is required, not 'str'


    Traceback (most recent call last):
    File "C:\Users\m\Desktop\logs\New folder (2)000\Proxylogon-main\Proxylogon-main\proxylogon.py", line 75, in
    if "" not in ct.content:
    TypeError: a bytes-like object is required, not 'str'

    opened by MElbeshti 5
  • commands not executing


    Why is it possible to execute the first time, get a shell and receive responses from commands? The shell exists, because there is no 404 when you browse to it, but no commands execute and no results from command execution are returned.

    opened by donjuanme 2
  • rbacRole not found


    Got DN: /o=World Travel Centre/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=b80cd5b02dad4e0ebf16849183dc4c63-Admi
    Got SID: S-1-5-21-2867433882-3978468204-2437582583-500
    Got session id: ba6e26b3-7120-4304-9950-becbd76c41f0
    Got canary: 5Ip_ftGCY0utXt3RmuTR94N4jDAc6dgINADzDVSNY2XHZRQoH5Yal_ukueMSQVWRGqn1PQNuMhM.
    Wrong canary! Sometime we can skip this ...
    Traceback (most recent call last):
    File "c:\Users\undercover\Desktop\PX\Proxylogon-main\proxylogon.py", line 119, in
    rbacRole = ct.text.split("RBAC roles: ")[1].split("")[0]
    IndexError: list index out of range

    How can I fix this? Tested on some targets; all of them have this issue.

    Tested on Win10, Python 3.9.

    opened by saeidshirazi 2
  • GetOAB Error!


    Got DN: /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=ab24791970e14c0dbb35163b29e8e456-admin
    Got SID: S-1-5-21-3765238651-1946275754-3596023858-500
    Got session id: c31306a9-aa11-4d3d-8be9-842e3fad4cc7
    Got canary: zVii2pyG8kO0KCxGS8M7noulX4-v79gIagXzNJWTeU5qDbTZSj-XrxxiQcxExTSjeV6VwDJfvPE.
    =========== It means good to go!!!====
    GetOAB Error!

    Any idea what the issue may be here?

    opened by donjuanme 1
  • email view and download


    Any chance of you adding a feature to view or download mail for a valid user?

    As I understand it, with the ProxyLogon bug you can view and download the emails of a valid email address without knowing the password of that email.

    opened by donjuanme 1
  • This error has been fixed


    File "proxylogon.py", line 98
    if ct.status_code != 241 or not "msExchEcpCanary" in ct.headers["Set-Cookie"]::

    SyntaxError: invalid syntax

    opened by MrCakeGuy 1
  • Access Denied


    Hello, when I checked the server its condition seems vulnerable, but when I try to read messages from email it says Access Denied. What can I do as a remedy? Thx

    opened by HJ23 1
  • File "proxylogon.py", line 65, in

    Hey, can you help me please? What am I doing wrong?

    Attacking target ex01.test.local

    Got DN: /o=test/ou=Exchange Administrative Group (FYDIBOHF9546LRG)/cn=Recipients/cn=user5e1sdf71
    Traceback (most recent call last):
    File "proxylogon.py", line 65, in
    mapi_body = legacyDn + "\x00\x00\x00\x00\x00\xe4\x04\x00\x00\x09\x04\x00\x00\x09\x04\x00\x00\x00\x00\x00\x00"
    UnicodeDecodeError: 'ascii' codec can't decode byte 0xe4 in position 5: ordinal not in range(128)

    opened by 13Ragna37 0
Owner
lulz
ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)

ExProlog ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065) Usage: exprolog.py [OPTIONS] ExProlog -

Herwono W. Wijaya 130 Dec 15, 2022
PoC of proxylogon chain SSRF(CVE-2021-26855) to write file by testanull, censored by github

CVE-2021-26855 PoC of proxylogon chain SSRF(CVE-2021-26855) to write file by testanull, censored by github Why does github remove this exploit because

The Hacker's Choice 58 Nov 15, 2022
Microsoft Exchange Server SSRF vulnerability (CVE-2021-26855)

Microsoft_Exchange_Server_SSRF_CVE-2021-26855 zoomeye dork:app:"Microsoft Exchange Server" A script written with the Seebug toolbox and pocsuite3: Microsoft_Exchange_Server_SSRF_CV

conjojo 37 Nov 12, 2022
PoC for CVE-2021-26855 -Just a checker-

CVE-2021-26855 PoC for CVE-2021-26855 -Just a checker- Usage python3 CVE-2021-26855.py -u https://mail.example.com -c example.burpcollaborator.net # C

Abdullah AlZahrani 17 Dec 22, 2022
CVE-2021-26855: PoC (Not a HoneyPoC for once!)

Exch-CVE-2021-26855 ProxyLogon is the formally generic name for CVE-2021-26855, a vulnerability on Microsoft Exchange Server that allows an attacker b

ZephrFish 24 Nov 14, 2022
exchange-ssrf-rce

Usage python3 .\exchange-exp.py -------------------------------------------------------------------------------- |

Jen 76 Nov 9, 2022
Some Attacks of Exchange SSRF ProxyLogon&ProxyShell

Some Attacks of Exchange SSRF This project is heavily replicated in ProxyShell, NtlmRelayToEWS https://mp.weixin.qq.com/s/GFcEKA48bPWsezNdVcrWag Get 1

Jumbo 129 Dec 30, 2022
Apache Solr SSRF(CVE-2021-27905)

Solr-SSRF Apache Solr SSRF #Use [-] Apache Solr SSRF漏洞 (CVE-2021-27905) [-] Options: -h or --help : 方法说明 -u or --url

Henry4E36 70 Nov 9, 2022
DNSpooq - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685)

dnspooq DNSpooq PoC - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685) For educational purposes only Requirements Docker compo

Teppei Fukuda 80 Nov 28, 2022
Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527) using standard Impacket.

PrintNightmare Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527) using standard Impacket. Installation $ pip3 install impacket

Oliver Lyak 140 Dec 27, 2022
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Known issues: it will not work outside Kali, I will update it

Hossam 867 Dec 22, 2022
Exploiting CVE-2021-42278 and CVE-2021-42287

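noPac Exploiting CVE-2021-42278 and CVE-2021-42287 The original noPac project may have some implementation problems, which meant it did not work locally, so it was modified with reference to the sam-the-admin project. Usage pip3 install -r requirements.txt # GetShel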

W4ter 2 Jun 23, 2022
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

About Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Changed from sam-the-admin. Usage SAM THE ADMIN CVE-202

Evi1cg 500 Jan 6, 2023
Details,PoC and patches for CVE-2021-45383 & CVE-2021-45384

CVE-2021-45383 & CVE-2021-45384 There are several network-layer vulnerabilities in the official server of Minecraft: Bedrock Edition (aka Bedrock Serv

null 20 Apr 7, 2022
A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or LFI.

BurpParamFlagger A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF

Allyson O'Malley 118 Nov 7, 2022
ProxyLogon Pre-Auth SSRF To Arbitrary File Write

ProxyLogon Pre-Auth SSRF To Arbitrary File Write For Education and Research Usage: C:\>python proxylogon.py mail.evil.corp [email protected] At

lulz 117 Nov 28, 2022
SSRF search vulnerabilities exploitation extended.

This tool search for SSRF using predefined settings in different parts of a request (path, host, headers, post and get parameters).

Andri Wahyudi 13 Jul 4, 2021
This script checks for any possible SSRF dns/http interactions in xmlrpc.php pingback feature

rpckiller This script checks for any possible SSRF dns/http interactions in xmlrpc.php pingback feature and with that you can further try to escalate

Ashish Kunwar 33 Sep 23, 2022
A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.

TProxer A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF. How • Install • Todo • Join Discord How it works

Krypt0mux 162 Nov 25, 2022