PoC for the CVE-2022-41080 , CVE-2022-41082 and CVE-2022-41076 Vulnerabilities Affecting Microsoft Exchange Servers# CVE-2022-41082-POC
PoC for the CVE-2022-41082 NotProxyShell OWASSRF Vulnerability Effecting Microsoft Exchange Servers
This is Post-Auth RCE for ProxyNotShell OWASSRF, valid cardentials are needed for command execution.
# Added the Powershell PoC script for TabShell Vulnerability (CVE-2022-41076)
The TabShell vulnerability its a form of Privilege Escalation which allows breaking out of the restricted Powershell Sandbox after you have successfully gained access through OWASSRF.
# Affected versions
Exchange 2013,16,19 till 08.11.2022 patch
This exploit bypasses Microsoft Hotfix from October 2022
# Setup
```
pip install -r requirements.txt
```
# Running
```
usage: python poc.py [-H Target] [-u username] [-p "password"] [-c cmd_file]
python poc.py -H https://192.168.0.1 -u user2 -p "123QWEasd!@#" -c cmd_file'
```
[4.0K] /data/pocs/5a3899cbee7aea06ad3b256b5fa3dadd8990923b
├── [ 12] cmd
├── [5.2K] poc.py
├── [4.0K] pypsrp
│ ├── [ 14K] client.py
│ ├── [ 61K] complex_objects.py
│ ├── [3.8K] encryption.py
│ ├── [3.9K] exceptions.py
│ ├── [ 44K] host.py
│ ├── [1.1K] index.html
│ ├── [ 958] __init__.py
│ ├── [ 37K] messages-bk.py
│ ├── [ 38K] messages.py
│ ├── [ 11K] negotiate.py
│ ├── [ 64K] powershell.py
│ ├── [4.0K] pwsh_scripts
│ │ ├── [5.2K] copy.ps1
│ │ ├── [1.9K] fetch.ps1
│ │ ├── [ 517] index.html
│ │ ├── [ 139] __init__.py
│ │ └── [4.0K] __pycache__
│ │ ├── [ 432] index.html
│ │ └── [ 150] __init__.cpython-36.pyc
│ ├── [ 0] py.typed
│ ├── [ 33K] serializer.py
│ ├── [ 16K] shell.py
│ ├── [3.5K] _utils.py
│ └── [ 45K] wsman.py
├── [ 828] README.md
├── [ 155] requirements.txt
└── [1.8K] TabShell.ps1
3 directories, 27 files