CVE-2020-17144 PoC — Microsoft Exchange Server 代码问题漏洞

Source

https://github.com/zcgonvh/CVE-2020-17144

Associated Vulnerability

Title:Microsoft Exchange Server 代码问题漏洞 (CVE-2020-17144)
Description:Microsoft Exchange Server是美国微软（Microsoft）公司的一套电子邮件服务程序。它提供邮件存取、储存、转发，语音邮件，邮件过滤筛选等功能。 Microsoft Exchange Server 存在代码问题漏洞，远程攻击者利用该漏洞可执行代码。以下产品及版本受到影响:Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 31。

Description

weaponized tool for CVE-2020-17144

Readme

## weaponized tool for CVE-2020-17144(Microsoft Exchange 2010 MRM.AutoTag.Model unsafe deserialize vulnerability)

### build

install .net framework 3.5 first, then `make`. 

### usage
	CVE-2020-17144 <target> <user> <pass>

After exploit, access http://[target]/ews/soap/?pass=whoami to get command execution.

![](https://raw.githubusercontent.com/zcgonvh/CVE-2020-17144/master/exp.jpg)

And you can also modify e.cs as a customize exp.

for more information, read [my-blog-post](http://www.zcgonvh.com/post/analysis_of_CVE-2020-17144_and_to_weaponizing.html)(in chinese).

File Snapshot


 [4.0K]  /data/pocs/4dbd26478a35332d4d311b48bcd60a8155262ce2
├── [8.3K]  CVE-2020-17144.cs
├── [2.5K]  e.cs
├── [6.9K]  exp.jpg
├── [ 169]  make.bat
├── [1.0M]  Microsoft.Exchange.WebServices.dll
└── [ 574]  README.md

0 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!