
CVE-2021-26855 PoC — Microsoft Exchange Server Remote Code Execution Vulnerability

Source
Associated Vulnerability
Title: Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-26855)
Description: Microsoft Exchange Server Remote Code Execution Vulnerability
Description
Microsoft Exchange ProxyLogon PoC (CVE-2021-26855)
Readme
# poc_proxylogon
Microsoft Exchange ProxyLogon PoC (CVE-2021-26855)

This script was originally made by celesian to exploit this CVE.
Then I updated it to exploit an Exchange server vulnerable to SSRF, but it gets a shell by exploiting the EWS feature, because a client company patched its Exchange server by disabling the `/ecp/DDI/DDIService.svc/` feature lol.

This may not work in several environments, and this code is only a proof-of-concept to validate whether your environment is vulnerable or not; do not use this to attack 3rd-party infrastructure without explicit authorization!

The `ssrf_exploit.py` was initially designed to get a valid MS Exchange admin account session and then upload a webshell by abusing the EWS features the way other M$ Exchange clients do: uploading e-mail attachments to the Exchange server and then abusing export features to trigger the payload.

These PoCs are incomplete and need to be "analysed", because they will intentionally not work in most environments.
File Snapshot

[4.0K] /data/pocs/32be24e274138aabca6bc29f1be83ac40066d565
├── [9.7K] PoC_proxyLogon.py
├── [1002] README.md
└── [ 23K] ssrf_exploit.py

0 directories, 3 files