CVE-2020-0688_Microsoft Exchange default MachineKeySection deserialize vulnerability# CVE-2020-0688
CVE-2020-0688_Microsoft Exchange default MachineKeySection deserialize vulnerability
---
Installation Instruction:
- Download using git (Requires [git](https://git-scm.com/downloads)): `git clone https://github.com/7heKnight/CVE-2020-0688`
- Download Zip File: [https://github.com/7heKnight/CVE-2020-0688/archive/refs/heads/main.zip](https://github.com/7heKnight/CVE-2020-0688/archive/refs/heads/main.zip)
- `pip install urllib3 requests`
```
Usage: python poc.py -s <Server/ip> (Required) -u username (Required) -p password (Required) --proxy (Not Require)
Options:
-h, --help show this help message and exit
-s SERVER Exchange mail Server URL Example: http://ip/owa
-u USER Login account Example: domain\user
-p PASSWORD Password
-c COMMAND Using Command and get output from web's respond
--upload=UPLOAD Upload file and print respond the file location uploaded
--proxy=PROXY Proxy to use. Example: https://127.0.0.1:8080 (Support Only
HTTP and HTTPS)
```
[4.0K] /data/pocs/4779b5b7074681286939b586acfb1a84479d9829
├── [5.1K] command.xml
├── [3.8K] CVE-2020-0688.ps1
├── [1.3M] Microsoft.PowerShell.Editor.dll
├── [1.1K] NULL-File.xml
├── [9.5K] poc.py
├── [1.0K] README.md
├── [2.2K] uploader.xml
└── [4.6K] Upload-Shell.xml
0 directories, 8 files