0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

Microsoft Exchange Server Unpublished Pre-Authentication Remote Code Execution Exploit

[ 0Day-ID-36585 ]

Full title

Microsoft Exchange Server Unpublished Pre-Authentication Remote Code Execution Exploit [ Highlight ]

Highlight - is paid service, that can help to get more visitors to your material.

Price:

Date add

22-07-2021

Category

remote exploits

Platform

windows

Verified

Price

0.132 BTC

8 000 USD

Risk

[

Security Risk Critical

]

Rel. releases

Description

[Description]
First, IT'S NOT PROXYLOGON. IT'S NOT PROXYLOGON. IT'S NOT PROXYLOGON.
It's an unpublished vulnerability found by myself. It's not exploited in the wild and there's no exploit code on the Internet.

[About The Vulnerability]
It's a exploit chain utilizing pre-auth SSRF + post-auth EoP + post-auth file write to achieve pre-auth RCE on Exchange Server. The corresponding CVE numbers are:
- CVE-2021-28480, CVSS score 10
- CVE-2021-28481, CVSS score 10
- CVE-2021-28482, CVSS score 9

This exploit chain is not memory corruption bug so it's stable, easy to use, and no privilege required, the only limit is you must provide one victim's email as argument.

[Affect Versions]
- Exchange Server 2019 < 15.02.0858.010
- Exchange Server 2019 < 15.02.0792.013
- Exchange Server 2016 < 15.01.2242.008
- Exchange Server 2016 < 15.01.2176.012
- Exchange Server 2013 < 15.00.1497.015

Video: https://0day.today/videos/36585.mp4

Usage info

pip3 install -r requirements.txt
(I put requirements.txt in the head of exploit.py)

python3 exploit.py [target-exchange-ip] [victim email]
python3 exploit.py -h

Affected ver

Exchange Server 2019 < 15.02.0858.010
Exchange Server 2019 < 15.02.0792.013
Exchange Server 2016 < 15.01.2242.008
Exchange Server 2016 < 15.01.2176.012
Exchange Server 2013 < 15.00.1497.015

Tags

RCE Pre-auth-RCE Exchange MicrosoftExchange

Prooves Information

Video proof