Microsoft Exchange Deserialization RCE (CVE-2021–42321)
https://peterjson.medium.com/some-notes-about-microsoft-exchange-deserialization-rce-cve-2021-42321-110d04e8852
#exchange #rce #cve #deserialization
https://peterjson.medium.com/some-notes-about-microsoft-exchange-deserialization-rce-cve-2021-42321-110d04e8852
#exchange #rce #cve #deserialization
Medium
Some notes about Microsoft Exchange Deserialization RCE (CVE-2021–42321)
Vietnamese version: https://testbnull.medium.com/some-notes-of-microsoft-exchange-deserialization-rce-cve-2021-42321-f6750243cdcd
APT
Microsoft Exchange Deserialization RCE (CVE-2021–42321) https://peterjson.medium.com/some-notes-about-microsoft-exchange-deserialization-rce-cve-2021-42321-110d04e8852 #exchange #rce #cve #deserialization
Microsoft Exchange Server RCE (PoC)
This PoC just pop
https://gist.github.com/testanull/0188c1ae847f37a70fe536123d14f398
#exchange #rce #poc
This PoC just pop
mspaint.exe on the target, can be use to recognize the signature pattern of a successful attack eventhttps://gist.github.com/testanull/0188c1ae847f37a70fe536123d14f398
#exchange #rce #poc
Gist
PoC of CVE-2021-42321: pop mspaint.exe on the target
PoC of CVE-2021-42321: pop mspaint.exe on the target - CVE-2021-42321_poc.py
Password Spraying and MFA Bypasses
https://www.sprocketsecurity.com/blog/how-to-bypass-mfa-all-day
#ntlm #password #spraying #o365 #exchange #mfa
https://www.sprocketsecurity.com/blog/how-to-bypass-mfa-all-day
#ntlm #password #spraying #o365 #exchange #mfa
Sprocket Security
Password spraying and MFA bypasses in the modern security landscape
Any offensive security operator will tell you that guessing employee credentials is key to compromising your customer’s network – and therefore highlighting vulnerabilities – during a cyber-security engagement. The thing is, it’s easier said than done as…
KnockOutlook
KnockOutlook is a C# project that interacts with Outlook's COM object in order to perform a number of operations useful in red team engagements.
https://github.com/eksperience/KnockOutlook
#exchange #outlook #com #recon
KnockOutlook is a C# project that interacts with Outlook's COM object in order to perform a number of operations useful in red team engagements.
https://github.com/eksperience/KnockOutlook
#exchange #outlook #com #recon
GitHub
GitHub - eksperience/KnockOutlook: A little tool to play with Outlook
A little tool to play with Outlook. Contribute to eksperience/KnockOutlook development by creating an account on GitHub.
💣 ProxyNotShell PoC
ProxyNotShell this is a new exploit used in the wild takes advantage of the recently published Microsoft Server-Side Request Forgery vulnerability (CVE-2022-41040) and a second vulnerability that allows Remote Code Execution (CVE-2022-41082) when PowerShell is available on the Exchange Server.
Research:
https://www.zerodayinitiative.com/blog/2022/11/14/control-your-types-or-get-pwned-remote-code-execution-in-exchange-powershell-backend
Nmap Checker:
https://github.com/CronUp/Vulnerabilidades/blob/main/proxynotshell_checker.nse
PoC:
https://github.com/testanull/ProxyNotShell-PoC
UPD:
PoC for Python3
Thanks to @hackerralf8
https://xn--r1a.website/RalfHackerChannel/1286
#exchange #proxynotshell #ssrf #rce
ProxyNotShell this is a new exploit used in the wild takes advantage of the recently published Microsoft Server-Side Request Forgery vulnerability (CVE-2022-41040) and a second vulnerability that allows Remote Code Execution (CVE-2022-41082) when PowerShell is available on the Exchange Server.
Research:
https://www.zerodayinitiative.com/blog/2022/11/14/control-your-types-or-get-pwned-remote-code-execution-in-exchange-powershell-backend
Nmap Checker:
https://github.com/CronUp/Vulnerabilidades/blob/main/proxynotshell_checker.nse
PoC:
https://github.com/testanull/ProxyNotShell-PoC
UPD:
PoC for Python3
Thanks to @hackerralf8
https://xn--r1a.website/RalfHackerChannel/1286
#exchange #proxynotshell #ssrf #rce
🔥7👍1
😈 OWASSRF — New Exploit Method for Exchange Bypassing ProxyNotShell Mitigations
CrowdStrike recently discovered a new exploit method using CVE-2022-41080 and CVE-2022-41082 to achieve remote code execution (RCE) through Outlook Web Access.
https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/
#owa #exchange #ssrf #proxynotshell
CrowdStrike recently discovered a new exploit method using CVE-2022-41080 and CVE-2022-41082 to achieve remote code execution (RCE) through Outlook Web Access.
https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/
#owa #exchange #ssrf #proxynotshell
CrowdStrike.com
OWASSRF: CrowdStrike Identifies New Exploit Method for Exchange Bypassing ProxyNotShell Mitigations
Learn how CrowdStrike recently discovered a new exploit method using CVE-2022-41080 and CVE-2022-41082 to achieve remote code execution (RCE) through Outlook Web Access.
🔥6
Forwarded from Pentest Notes
Подготовил для вас подробное руководство по тестированию на проникновение Outlook Web Access (OWA). 😈
➡️ В статье я разобрал все основные атаки и уязвимости OWA. Собрал и структурировал самое полезное в одном месте.
➡️ Также материал идеально подойдет для тех, кто все еще путает между собой OWA, Outlook и MS Exchange :)
Даже если вы раньше не сталкивались с почтовыми сервисами Microsoft, после прочтения смело можете бежать проверять их на безопасность.🥤
Ссылка на статью
💫 @pentestnotes | #pentest #OWA #Exchange
Даже если вы раньше не сталкивались с почтовыми сервисами Microsoft, после прочтения смело можете бежать проверять их на безопасность.
Ссылка на статью
Please open Telegram to view this post
VIEW IN TELEGRAM
1🔥16❤🔥5👍5❤3😁1