Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-26855 PoC — Microsoft Exchange Server Remote Code Execution Vulnerability

Source
https://github.com/TaroballzChen/ProxyLogon-CVE-2021-26855-metasploit
Associated Vulnerability
Title:Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-26855)
Description:Microsoft Exchange Server Remote Code Execution Vulnerability
Description
CVE-2021-26855 proxyLogon metasploit exploit script
Readme
# ProxyLogon-CVE-2021-26855-metasploit
CVE-2021-26855 proxyLogon exchange ssrf to arbitrary file write metasploit exploit script

# preparation
```cmd
git clone https://github.com/TaroballzChen/ProxyLogon-CVE-2021-26855-metasploit
cd ProxyLogon-CVE-2021-26855-metasploit
mkdir -p ~/.msf4/modules/exploits/windows/
cp exchange_ssrf_to_arbitrary_file_write.py ~/.msf4/modules/exploits/windows/
chmod +x ~/.msf4/modules/exploits/windows/exchange_ssrf_to_arbitrary_file_write.py
msfconsole
```

# metasploit usage
```text
set target <target>
set PAYLOAD <payload>
set rhost <vuln ip>
set port <vuln port>
set LHOST <list host ip>
set LPORT <list port>
```

# exploit

![exploit](1.png)
File Snapshot

 [4.0K]  /data/pocs/bd088d7da41a36c8cae15e1b67ee19235f6d3ee4
├── [140K]  1.png
├── [ 19K]  exchange_ssrf_to_arbitrary_file_write.py
├── [ 34K]  LICENSE
└── [ 681]  README.md

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →