来源

关联漏洞

描述

ProxyLogon (CVE-2021-26855+CVE-2021-27065) Exchange Server RCE (SSRF->GetWebShell)

介绍

# ProxyLogon
ProxyLogon is the formally generic name for CVE-2021-26855, a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin. We have also chained this bug with another post-auth arbitrary-file-write vulnerability, CVE-2021-27065, to get code execution.


## ProxyLogon For Python3
```python
usage:
    sudo python3 proxylogon.py --host=target.com --mail=admin@target.com
    sudo python3 proxylogon.py --host=target.com --mails=./mails.txt
```


## ProxyLogon For Go
```go
usage:
    go run proxylogon.go -u target.com -e admin@target.com
```



#### Tips:
1) recon target to find valid email address
2) if you do not find any email, use bruteforce target with your email file.
3) in some target automation exploit not work, you should bruteforce SID and replace in SID=500

### manual pentest 
```python
sudo python2 /manual/check.py 
sudo python2 /manual/shell.py 
sudo python2 /manual/brute.py 
```

<img src="/img/1.png" width="800px" />
<img src="/img/2.png" width="800px" />
<img src="/img/3.png" width="800px" />
<img src="/img/4.png" width="800px" />
<img src="/img/5.png" width="800px" />


#### references
* [proxylogon](https://proxylogon.com/)

文件快照

 [4.0K]  /data/pocs/1d3360084516a0d4002288ee31926c79e47187f5
├── [  86]  go.mod
├── [1.2K]  go.sum
├── [4.0K]  img
│   ├── [142K]  1.png
│   ├── [ 81K]  2.png
│   ├── [181K]  3.png
│   ├── [ 83K]  4.png
│   └── [ 78K]  5.png
├── [6.9K]  LICENSE
├── [4.0K]  manual
│   ├── [3.1K]  brute.py
│   ├── [ 12K]  check.py
│   └── [1.7K]  shell.py
├── [ 16K]  proxylogon.go
├── [ 11K]  proxylogon.py
└── [1.2K]  README.md

2 directories, 14 files

备注