CVE-2020-17144

This exploit leverages a .NET deserialization vulnerability in Microsoft Exchange Server 2010 (CVE-2020-17144) to achieve remote code execution by crafting a malicious payload and saving it as a UserConfiguration object. The payload uses a complex chain of LINQ enumerators and reflection to trigger arbitrary code execution when deserialized.

This is a functional exploit for CVE-2020-17144, targeting Microsoft Exchange Server via deserialization. It leverages ysoserial.net to generate a malicious payload that writes a webshell to the Exchange Server's autodiscover directory.

This repository contains a functional exploit for CVE-2020-17144, leveraging a .NET deserialization vulnerability in Exchange Server 2010. The exploit uses ysoserial.net to generate a malicious payload that achieves remote code execution by exploiting the BinaryFormatter deserialization chain.

This repository contains a functional exploit for CVE-2020-17144, a deserialization vulnerability in Microsoft Exchange 2010. The exploit leverages unsafe deserialization in the MRM.AutoTag.Model component to achieve remote code execution by creating a malicious UserConfiguration object.

This repository contains a functional exploit for CVE-2020-17144, a Microsoft Exchange 2010 MRM.AutoTag.Model unsafe deserialization vulnerability. The exploit leverages a crafted payload to achieve remote code execution by creating a malicious UserConfiguration object.