Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-26855 PoC — Microsoft Exchange Server Remote Code Execution Vulnerability

Source
https://github.com/ZephrFish/Exch-CVE-2021-26855
Associated Vulnerability
Title:Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-26855)
Description:Microsoft Exchange Server Remote Code Execution Vulnerability
Description
CVE-2021-26855: PoC (Not a HoneyPoC for once!)
Readme
# Exch-CVE-2021-26855
ProxyLogon is the formally generic name for CVE-2021-26855, a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin. We have also chained this bug with another post-auth arbitrary-file-write vulnerability, CVE-2021-27065, to get code execution. All affected components are vulnerable by default!

As a result, an unauthenticated attacker can execute arbitrary commands on Microsoft Exchange Server through an only opened 443 port!

## Usage:
```
python ExchangeSheller.py mail.domain.com test2@domain.com
python ExchangeSheller.py IP:443 test2@domain.com
```

## Expected Output
It'll give you a shell as system

## Note:
The exploit does not brute force the emails so you will need to know a valid email on the exchange server for this to work, there are other PoCs out there that'll try a few common ones but that's on you folks!
File Snapshot

 [4.0K]  /data/pocs/44615798eb2558aa11e1fb2de3142488fee99b4c
├── [9.1K]  ExchangeSheller.py
└── [ 927]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →