# Microsoft Exchange Server 远程代码执行漏洞
## 概述
Microsoft Exchange Server 存在一个远程代码执行漏洞,攻击者可以通过该漏洞在目标系统上执行任意代码。
## 影响版本
- Microsoft Exchange Server 2013
- Microsoft Exchange Server 2016
- Microsoft Exchange Server 2019
## 细节
攻击者可以通过向特定服务发送恶意构造的请求利用此漏洞,从而在目标主机上执行任意代码。该漏洞存在于 Exchange Server 的某些组件中,如果这些组件可以被外部网络访问,那么攻击者无需通过身份验证即可发动攻击。
## 影响
成功利用该漏洞可使攻击者完全控制受影响的系统,进一步可能导致数据泄露、系统功能被破坏或用于发起其他攻击。
是否为 Web 类漏洞: 是
判断理由:
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | IoC determination for exploitation of CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065. | https://github.com/sgnls/exchange-0days-202103 | POC详情 |
| 2 | A PowerShell script to identify indicators of exploitation of CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-26865 | https://github.com/soteria-security/HAFNIUM-IOC | POC详情 |
| 3 | Detect webshells dropped on Microsoft Exchange servers exploited through "proxylogon" group of vulnerabilites (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) | https://github.com/cert-lv/exchange_webshell_detection | POC详情 |
| 4 | Microsoft Exchange Server SSRF漏洞(CVE-2021-26855) | https://github.com/conjojo/Microsoft_Exchange_Server_SSRF_CVE-2021-26855 | POC详情 |
| 5 | This script helps to identify CVE-2021-26855 ssrf Poc | https://github.com/pussycat0x/CVE-2021-26855-SSRF | POC详情 |
| 6 | CVE-2021-26855 SSRF Exchange Server | https://github.com/La3B0z/CVE-2021-26855-SSRF-Exchange | POC详情 |
| 7 | Module pack for #ProxyLogon (part. of my contribute for Metasploit-Framework) [CVE-2021-26855 && CVE-2021-27065] | https://github.com/mekhalleh/exchange_proxylogon | POC详情 |
| 8 | POC of CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-26865, ProxyLogon poc | https://github.com/Yt1g3r/CVE-2021-26855_SSRF | POC详情 |
| 9 | CVE-2021-26855 exp | https://github.com/hackerxj007/CVE-2021-26855 | POC详情 |
| 10 | A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855). | https://github.com/dwisiswant0/proxylogscan | POC详情 |
| 11 | This script test the CVE-2021-26855 vulnerability on Exchange Server. | https://github.com/mauricelambert/ExchangeWeaknessTest | POC详情 |
| 12 | CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065 | https://github.com/DCScoder/Exchange_IOC_Hunter | POC详情 |
| 13 | PoC exploit code for CVE-2021-26855 | https://github.com/srvaccount/CVE-2021-26855-PoC | POC详情 |
| 14 | None | https://github.com/h4x0r-dz/CVE-2021-26855 | POC详情 |
| 15 | None | https://github.com/alt3kx/CVE-2021-26855_PoC | POC详情 |
| 16 | CVE-2021-26855, also known as Proxylogon, is a server-side request forgery (SSRF) vulnerability in Exchange that allows an attacker to send arbitrary HTTP requests and authenticate as the Exchange server. | https://github.com/raheel0x01/CVE-2021-26855 | POC详情 |
| 17 | PoC of proxylogon chain SSRF(CVE-2021-26855) to write file by testanull, censored by github | https://github.com/hackerschoice/CVE-2021-26855 | POC详情 |
| 18 | CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065 | https://github.com/SCS-Labs/HAFNIUM-Microsoft-Exchange-0day | POC详情 |
| 19 | Scanner and PoC for CVE-2021-26855 | https://github.com/KotSec/CVE-2021-26855-Scanner | POC详情 |
| 20 | RCE exploit for Microsoft Exchange Server (CVE-2021-26855). | https://github.com/hakivvi/proxylogon | POC详情 |
| 21 | CVE-2021-26855: PoC (Not a HoneyPoC for once!) | https://github.com/ZephrFish/Exch-CVE-2021-26855 | POC详情 |
| 22 | RCE exploit for ProxyLogon vulnerability in Microsoft Exchange | https://github.com/mil1200/ProxyLogon-CVE-2021-26855 | POC详情 |
| 23 | CVE-2021-26855 & CVE-2021-27065 | https://github.com/evilashz/ExchangeSSRFtoRCEExploit | POC详情 |
| 24 | patched to work | https://github.com/ZephrFish/Exch-CVE-2021-26855_Priv | POC详情 |
| 25 | None | https://github.com/Mr-xn/CVE-2021-26855-d | POC详情 |
| 26 | ProxyLogon is the formally generic name for CVE-2021-26855, a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin. We have also chained this bug with another post-auth arbitrary-file-write vulnerability, CVE-2021-27065, to get code execution. | https://github.com/RickGeex/ProxyLogon | POC详情 |
| 27 | Chaining CVE-2021-26855 and CVE-2021-26857 to exploit Microsoft Exchange | https://github.com/Immersive-Labs-Sec/ProxyLogon | POC详情 |
| 28 | None | https://github.com/shacojx/Scan-Vuln-CVE-2021-26855 | POC详情 |
| 29 | CVE-2021-26855 proxyLogon metasploit exploit script | https://github.com/TaroballzChen/ProxyLogon-CVE-2021-26855-metasploit | POC详情 |
| 30 | ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell) | https://github.com/p0wershe11/ProxyLogon | POC详情 |
| 31 | None | https://github.com/shacojx/CVE-2021-26855-exploit-Exchange | POC详情 |
| 32 | Microsoft Exchange Proxylogon Exploit Chain EXP分析 | https://github.com/catmandx/CVE-2021-26855-Exchange-RCE | POC详情 |
| 33 | analytics ProxyLogo Mail exchange RCE | https://github.com/hictf/CVE-2021-26855-CVE-2021-27065 | POC详情 |
| 34 | Proof-of-concept exploit for CVE-2021-26855 and CVE-2021-27065. Unauthenticated RCE in Exchange. | https://github.com/praetorian-inc/proxylogon-exploit | POC详情 |
| 35 | C# POC for CVE-2021-26855 aka ProxyLogon, supports the classically semi-interactive web shell as well as shellcode injection | https://github.com/Flangvik/SharpProxyLogon | POC详情 |
| 36 | [ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed RawIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195 & CVE-2021-31196 Exploit Chains. [ProxyShell] CVE-2021-34473 & CVE-2021-34523 & CVE-2021-31207 Exploit Chains. | https://github.com/hosch3n/ProxyVulns | POC详情 |
| 37 | 針對近期微軟公布修補遭駭客攻擊的Exchange Server漏洞問題,台灣DEVCORE表示早在1月5日便已發現安全漏洞後,並且向微軟通報此項編號命名為「CVE-2021-26855 」,以及「CVE-2021-27065」的零日漏洞,同時也將此項漏洞稱為「ProxyLogon」。 此次揭露的「ProxyLogon」漏洞,是以無需驗證即可使用的遠端程式碼執行 (Pre-Auth Remote Code Execution;Pre-Auth RCE)零日漏洞(Zero-day exploit),可讓攻擊者得以繞過身份驗證步驟,驅使系統管理員協助執行惡意文件或執行指令,進而觸發更廣泛的攻擊。 「ProxyLogon」是微軟近期被揭露最重大的RCE漏洞之一,DEVCORE團隊遵循責任揭露 (Responsible Disclosure)原則,在發現後便第一時間立即於今年1月5日通報微軟進行修補,避免該漏洞遭有心人士利用,造成全球用戶重大損失。而微軟遂於3月2日針對相關漏洞釋出安全更新,避免用戶機敏資訊遭受惡意攻擊。個人想法:遭駭客攻擊的Exchange Server漏洞問題,台灣DEVCORE表示早在1月5日便已發現,並且向微軟通報此項編號命名為「CVE-2021-26855 」,以及「CVE-2021-27065」的零日漏洞,同時也將此項漏洞稱為「ProxyLogon」。 此次揭露的「ProxyLogon」漏洞,是以無需驗證即可使用的遠端程式碼執行 (Pre-Auth Remote Code Execution;Pre-Auth RCE)零日漏洞(Zero-day exploit),可讓攻擊者得以繞過身份驗證步驟,驅使系統管理員協助執行惡意文件或執行指令,進而觸發更廣泛的攻擊。 「ProxyLogon」是微軟近期被揭露最重大的RCE漏洞之一,DEVCORE團隊遵循責任揭露 (Responsible Disclosure)原則,在發現後便第一時間立即於今年1月5日通報微軟進行修補,避免該漏洞遭有心人士利用,造成全球用戶重大損失。而微軟遂於3月2日針對相關漏洞釋出安全更新,避免用戶機敏資訊遭受惡意攻擊。個人想法:微軟是大眾常用的軟體之一,駭客只要察覺漏洞就會進行惡意的攻擊,微軟公布4個Exchange Server的安全漏洞後,就遭受駭客的惡意攻擊,這件事的發生,微軟需更加小心並提高資安的防護。 | https://github.com/Nick-Yin12/106362522 | POC详情 |
| 38 | C# POC for CVE-2021-26855 aka ProxyLogon, supports the classically semi-interactive web shell as well as shellcode in… | https://github.com/yaoxiaoangry3/Flangvik | POC详情 |
| 39 | Microsoft Exchange ProxyLogon PoC (CVE-2021-26855) | https://github.com/thau0x01/poc_proxylogon | POC详情 |
| 40 | C# POC for CVE-2021-26855 aka ProxyLogon, supports the classically semi-interactive web shell as well as shellcode in… | https://github.com/1342486672/Flangvik | POC详情 |
| 41 | CVE-2021-26855 | https://github.com/TheDudeD6/ExchangeSmash | POC详情 |
| 42 | ProxyLogon (CVE-2021-26855+CVE-2021-27065) Exchange Server RCE (SSRF->GetWebShell) | https://github.com/kh4sh3i/ProxyLogon | POC详情 |
| 43 | Tool to search for IOCs related to HAFNIUM: CVE-2021-26855 CVE-2021-26857 CVE-2021-26858 CVE-2021-27065 | https://github.com/byinarie/Zirconium | POC详情 |
| 44 | Microsoft Exchange CVE-2021-26855&CVE-2021-27065 | https://github.com/ssrsec/Microsoft-Exchange-RCE | POC详情 |
| 45 | None | https://github.com/iceberg-N/cve-2021-26855 | POC详情 |
| 46 | Clone from gist | https://github.com/timb-machine-mirrors/testanull-CVE-2021-26855_read_poc.txt | POC详情 |
| 47 | None | https://github.com/MacAsure/cve-2021-26855 | POC详情 |
| 48 | None | https://github.com/glen-pearson/ProxyLogon-CVE-2021-26855 | POC详情 |
| 49 | CVE-2021-26855, also known as Proxylogon, is a server-side request forgery (SSRF) vulnerability in Exchange that allows an attacker to send arbitrary HTTP requests and authenticate as the Exchange server. | https://github.com/r0xdeadbeef/CVE-2021-26855 | POC详情 |
| 50 | None | https://github.com/ShyTangerine/cve-2021-26855 | POC详情 |
| 51 | This vulnerability is part of an attack chain that could allow remote code execution on Microsoft Exchange Server. The initial attack requires the ability to make an untrusted connection to Exchange server port 443. Other portions of the chain can be triggered if an attacker already has access or can convince an administrator to open a malicious file. Be aware his CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, and CVE-2021-27078. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-26855.yaml | POC详情 |
| 52 | CVE-2021-26855, also known as Proxylogon, is a server-side request forgery (SSRF) vulnerability in Exchange that allows an attacker to send arbitrary HTTP requests and authenticate as the Exchange server. | https://github.com/r0xDB/CVE-2021-26855 | POC详情 |
| 53 | CVE-2021-26855, also known as Proxylogon, is a server-side request forgery (SSRF) vulnerability in Exchange that allows an attacker to send arbitrary HTTP requests and authenticate as the Exchange server. | https://github.com/R0XDEADBEEF/CVE-2021-26855 | POC详情 |
| 54 | None | https://github.com/Wercd/CVE-2021-26855 | POC详情 |
| 55 | None | https://github.com/antichown/Scan-Vuln-CVE-2021-26855 | POC详情 |
| 56 | None | https://github.com/haotiku/CVE-2021-26855-exploit-Exchange | POC详情 |
暂无评论