CVE-2021-26855
CRITICAL KEV RANSOMWARE NUCLEI
Microsoft Exchange ProxyLogon RCE
Title source: metasploit
Exploitation Summary
CVE-2021-26855 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021, with confirmed use in ransomware campaigns.
EIP tracks 65 public exploits from researchers including mekhalleh, Gonzalo Villegas, and F5, among them the Metasploit module auxiliary/scanner/http/exchange_proxylogon.
A Nuclei detection template is also available.
AI-analyzed exploit summary
This Metasploit module exploits CVE-2021-26855, an authentication bypass vulnerability in Microsoft Exchange Server, to download emails and contacts from a target mailbox without authentication. It leverages the ProxyLogon vulnerability to impersonate an admin and interact with the Exchange Web Services (EWS) API.
Description
Microsoft Exchange Server Remote Code Execution Vulnerability
Exploits (65)
This Metasploit module exploits CVE-2021-26855, an authentication bypass vulnerability in Microsoft Exchange Server, to download emails and contacts from a target mailbox without authentication. It leverages the ProxyLogon vulnerability to impersonate an admin and interact with the Exchange Web Services (EWS) API.
This exploit leverages CVE-2021-26855 to perform unauthenticated email extraction from Microsoft Exchange servers (2013-2019) by abusing SSRF in the EWS API. It retrieves folder IDs, message IDs, and email content via crafted SOAP requests.
This exploit leverages CVE-2021-26855 (ProxyLogon) to achieve unauthenticated RCE on Microsoft Exchange Server by abusing the Autodiscover endpoint to write a malicious ASPX webshell. The PoC demonstrates full exploitation, including privilege escalation and command execution.
SharpProxyLogon is a C# PoC for the ProxyLogon vulnerability chain (CVE-2021-26855), enabling RCE on Microsoft Exchange servers. It automates the exploitation process, including shellcode injection via TikiTorch and semi-interactive shell access.
This repository contains a functional exploit for CVE-2021-26855, a server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server. The exploit chain involves multiple steps to achieve remote code execution (RCE) by leveraging the SSRF to manipulate Exchange server configurations and deploy a webshell.
This repository contains a Go-based tool designed to scan for CVE-2021-26855, an authentication bypass vulnerability in Microsoft Exchange Server. The tool checks for the presence of the vulnerability by sending crafted HTTP requests and analyzing the response headers for specific indicators.
This repository contains a functional exploit for CVE-2021-26855, a critical SSRF vulnerability in Microsoft Exchange Server. The exploit leverages the ProxyLogon vulnerability to achieve remote code execution by crafting malicious requests to the Exchange Control Panel (ECP) endpoint.
This repository contains a functional Go-based exploit for CVE-2021-26855, a server-side request forgery (SSRF) vulnerability in Microsoft Exchange. The PoC includes functions to verify vulnerability existence, extract NTLM information, and enumerate user emails via crafted HTTP requests.
This repository contains a PowerShell script designed to detect webshells dropped on Microsoft Exchange servers compromised via CVE-2021-26855 and related vulnerabilities. It scans specific directories for suspicious files and known webshell patterns but does not exploit the vulnerability.
This repository contains a functional exploit for CVE-2021-26855, which is part of the ProxyLogon vulnerability chain affecting Microsoft Exchange Server. The exploit demonstrates an SSRF attack leading to arbitrary file write and potential remote code execution.
This repository contains functional exploit code for CVE-2021-26855, an SSRF vulnerability in Microsoft Exchange Server. The PoC demonstrates how to exploit the vulnerability to perform authenticated backend service requests, including extracting user details and profile photos.
This repository contains a functional exploit for CVE-2021-26855 (ProxyLogon), which allows unauthenticated remote code execution on Microsoft Exchange servers. The exploit leverages SSRF and authentication bypass to inject a webshell.
The repository contains a functional PoC for CVE-2021-26855, an SSRF vulnerability in Microsoft Exchange Server. The script uses crafted headers to trigger the vulnerability and checks for a 500 response with 'NegotiateSecurityContext' in the body to confirm exploitation.
This repository contains a functional exploit for CVE-2021-26855 (ProxyLogon), demonstrating an SSRF attack chain against Microsoft Exchange Server to achieve unauthenticated remote code execution. The exploit progresses through multiple stages to obtain FQDN, LegacyDN, SID, and ultimately delivers a payload.
This repository contains a functional exploit for CVE-2021-26855, a critical SSRF vulnerability in Microsoft Exchange Server that can be chained to achieve remote code execution (RCE). The exploit automates the attack chain, including authentication bypass, SSRF exploitation, and webshell upload.
This repository contains a functional exploit for CVE-2021-26855, which is a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server that can be chained to achieve Remote Code Execution (RCE). The exploit automates the process of discovering the Exchange Server, obtaining necessary session tokens, and deploying a malicious ASPX shell.
This repository contains a functional exploit for CVE-2021-26855, an SSRF vulnerability in Microsoft Exchange Server. The exploit leverages the ProxyLogon chain to achieve remote code execution (RCE) by dropping an ASPX webshell on the target server.
This repository contains a functional Python script that exploits CVE-2021-26855, an SSRF vulnerability in Microsoft Exchange Server. The script sends a crafted HTTP request with specific headers and cookies to trigger the SSRF, using a Burp Collaborator domain for detection.
This repository contains a PowerShell script designed to scan Exchange Server logs for indicators of compromise (IOCs) related to the Hafnium exploitation chain, including CVE-2021-26855. It does not exploit the vulnerability but detects potential exploitation attempts by analyzing log files for specific patterns.
This repository contains a functional Go-based PoC for CVE-2021-26855, an SSRF vulnerability in Microsoft Exchange Server. The exploit leverages NTLM authentication and crafted HTTP requests to enumerate users and potentially access sensitive data.
This is a functional exploit for CVE-2021-26855 (ProxyLogon), which chains multiple vulnerabilities in Microsoft Exchange Server to achieve unauthenticated remote code execution. The PoC automates the exploitation process, including obtaining a session ID, bypassing authentication, and writing a malicious script to the server.
This repository contains functional exploit code for CVE-2021-26855, a Microsoft Exchange Server authentication bypass vulnerability. It includes scripts for brute-forcing SIDs, checking vulnerability status, and achieving remote code execution by chaining with CVE-2021-27065.
This repository contains a functional Python exploit for CVE-2021-26855, a ProxyLogon vulnerability in Microsoft Exchange Server. The exploit chains multiple steps to achieve remote code execution (RCE) by leveraging authentication bypass and arbitrary file write vulnerabilities.
This repository contains a functional exploit for CVE-2021-26855, a ProxyLogon vulnerability in Microsoft Exchange Server. The PoC demonstrates arbitrary file write leading to remote code execution (RCE) by exploiting SSRF and authentication bypass flaws.
This repository contains a functional Python script that exploits CVE-2021-26855 (ProxyLogon) to check and download emails from vulnerable Microsoft Exchange servers. It leverages EWS (Exchange Web Services) SOAP requests to interact with mailboxes without authentication.
This repository contains a functional Python script that exploits CVE-2021-26855, an SSRF vulnerability in Microsoft Exchange Server. The script sends crafted SOAP requests to vulnerable endpoints to extract server information, including domain name, computer name, and domain SID.
This repository provides a comprehensive writeup and timeline of the HAFNIUM Microsoft Exchange vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065), including technical details, detection methods, and mitigation strategies. It does not contain exploit code but offers in-depth analysis and references to official advisories.
This repository contains a PowerShell script designed to detect indicators of compromise (IoCs) for multiple Exchange Server vulnerabilities, including CVE-2021-26855. It scans logs, registry entries, and file systems for artifacts associated with exploitation attempts but does not include functional exploit code.
This repository contains a functional Go-based exploit for CVE-2021-26855, an SSRF vulnerability in Microsoft Exchange Server. The code includes NTLM authentication handling, vulnerability verification, and user enumeration capabilities.
This repository contains a functional exploit for CVE-2021-26855, leveraging SSRF to achieve RCE on Microsoft Exchange Server. The script automates the exploitation chain, including SSRF, privilege escalation, and webshell deployment.
This repository contains a functional Metasploit auxiliary module for scanning and exploiting CVE-2021-26855, a pre-authentication SSRF vulnerability in Microsoft Exchange Server. The module can detect vulnerable instances and is part of an exploit chain leading to RCE.
This repository contains a functional Metasploit exploit module for CVE-2021-26855, which leverages an SSRF vulnerability in Microsoft Exchange Server to achieve arbitrary file write. The exploit includes detailed steps for setup and execution, targeting the ProxyLogon vulnerability chain.
This repository contains a scanner for CVE-2021-26855, which is a server-side request forgery (SSRF) vulnerability in Microsoft Exchange. The code includes functions to detect the vulnerability by sending crafted HTTP requests and analyzing responses, but it does not include exploit code for achieving remote code execution.
This repository contains a functional Python script that exploits CVE-2021-26855, an SSRF vulnerability in Microsoft Exchange Server. The script verifies the vulnerability, performs SSRF attacks, and extracts server information such as domain name, computer name, and domain SID.
This repository contains a functional exploit for CVE-2021-26855 (SSRF) and CVE-2021-27065 (RCE) in Microsoft Exchange Server. The exploit chains these vulnerabilities to achieve remote code execution by leveraging NTLM authentication, SSRF, and arbitrary file write capabilities.
This repository contains a functional exploit for CVE-2021-26855, part of the ProxyLogon exploit chain targeting Microsoft Exchange Server. The PoC demonstrates the SSRF vulnerability to bypass authentication and gain administrative access.
This repository contains a functional Python script that exploits CVE-2021-26855 (ProxyLogon) to access and download emails from vulnerable Microsoft Exchange servers. It leverages EWS (Exchange Web Services) SOAP requests to enumerate mailboxes and retrieve emails without authentication.
This repository contains a functional exploit for CVE-2021-26855 (ProxyLogon), targeting Microsoft Exchange Server. The exploit includes steps for autodiscover, ProxyLogon bypass, and reverse shell creation with obfuscation and persistence mechanisms.
This repository contains a functional Python script that exploits CVE-2021-26855 (ProxyLogon) to access and download emails from vulnerable Microsoft Exchange servers. It leverages EWS (Exchange Web Services) SOAP requests to enumerate mailboxes and retrieve emails without authentication.
This repository contains a functional Python script that exploits CVE-2021-26855 (ProxyLogon) to access and download emails from vulnerable Microsoft Exchange servers. It leverages EWS (Exchange Web Services) SOAP requests to enumerate mailboxes and retrieve emails without authentication.
This repository contains a functional Python script that exploits CVE-2021-26855 (ProxyLogon) to access and download emails from vulnerable Microsoft Exchange servers. The script uses crafted SOAP requests to interact with Exchange Web Services (EWS) and bypass authentication.
This repository contains a functional Python script that exploits CVE-2021-26855 (ProxyLogon) to access and download emails from vulnerable Microsoft Exchange servers. It leverages EWS (Exchange Web Services) SOAP requests to enumerate mailboxes and retrieve emails without authentication.
This repository contains a functional exploit for CVE-2021-26855 and CVE-2021-27065, targeting Microsoft Exchange Server. The exploit chains SSRF (CVE-2021-26855) to achieve remote code execution (CVE-2021-27065) by leaking Legacy DN, SID, and OAB virtual directory info, then uploading a webshell.
This repository contains a theoretical analysis of CVE-2021-26855 (ProxyLogon) with conceptual enhancements using a 'Convergent Time Theory' framework. It does not include functional exploit code but provides a detailed educational demonstration of how theoretical timing and obfuscation techniques could be applied to the known vulnerability.
This is a functional exploit for CVE-2021-26855, a server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server. The script automates the exploitation process, including user enumeration, legacy DN retrieval, and arbitrary file write to achieve remote code execution (RCE).
This repository contains a Burp Suite extension that checks for and exploits CVE-2021-26855, an SSRF vulnerability in Microsoft Exchange Server. The extension allows users to verify if a target is vulnerable and perform the attack by sending crafted requests.
This repository contains functional exploit code for CVE-2021-26855, a server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server. The PoC demonstrates the exploitation steps, including obtaining DN values, session tokens, and modifying OAB settings to achieve remote code execution via a crafted script.
This repository contains a functional exploit for CVE-2021-26855, part of the ProxyLogon vulnerability chain affecting Microsoft Exchange Server. The exploit leverages SSRF and authentication bypass to achieve remote code execution (RCE) by dropping a web shell on the target system.
The repository contains a minimal README with no technical details or exploit code, only mentioning a C# PoC for CVE-2021-26855 (ProxyLogon) without providing any actual implementation or analysis.
The repository contains a minimal README with no actual exploit code or technical details, only a vague description of a C# PoC for CVE-2021-26855 (ProxyLogon). It lacks depth and appears to be a placeholder or lure.
This repository contains a detailed writeup in Chinese about the ProxyLogon vulnerability (CVE-2021-26855), discussing its impact as a pre-authentication RCE flaw in Microsoft Exchange Server. It highlights the discovery timeline, responsible disclosure by DEVCORE, and the severity of the vulnerability.
This repository contains functional exploit code for CVE-2021-26855, a ProxyLogon vulnerability in Microsoft Exchange Server. The Go and Python scripts demonstrate SSRF and authentication bypass techniques to exploit the vulnerability, including NTLM relaying and user enumeration capabilities.
The repository contains minimal placeholder code (a basic PHP script and a Node.js server) with no functional exploit for CVE-2021-26855. The README lacks technical details or exploit logic.
This repository contains a Java-based scanner that checks for CVE-2021-26855 (Exchange Server SSRF vulnerability) by using Nmap with a custom script. It reads a list of IP addresses, scans each IP in the subnet, and logs vulnerable IPs to a file.
This repository contains a functional exploit for CVE-2021-26855, part of the Microsoft Exchange ProxyLogon vulnerability chain. The Python script automates the exploitation process, including SSRF, authentication bypass, and arbitrary file write to achieve remote code execution (RCE).
This PowerShell script scans IIS logs for indicators of compromise (IOCs) related to CVE-2021-26855 and other Exchange vulnerabilities. It searches for specific patterns, file paths, and IP addresses associated with exploitation attempts but does not contain functional exploit code.
This script tests for the presence of CVE-2021-26855 (ProxyLogon) by sending a crafted HTTP request to an Exchange Server and checking the response for vulnerability indicators. It does not exploit the vulnerability but detects potential exposure.
This Metasploit module scans for CVE-2021-26855 (ProxyLogon), an authentication bypass vulnerability in Microsoft Exchange Server. It checks for SSRF via crafted HTTP requests and validates vulnerability by inspecting the 'X-CalculatedBETarget' header.
This exploit demonstrates the ProxyLogon vulnerability chain (CVE-2021-26855 and CVE-2021-27065) in Microsoft Exchange Server, leveraging SSRF to achieve arbitrary file write and RCE via a crafted JScript payload.
This Metasploit module exploits CVE-2021-26855, an authentication bypass vulnerability in Microsoft Exchange Server, to dump mailbox data (emails, contacts, attachments) via SSRF. It leverages the ProxyLogon vulnerability to impersonate an admin and interact with the Exchange Web Services (EWS) API.
SharpProxyLogon is a C# exploit for CVE-2021-26855, a ProxyLogon vulnerability in Microsoft Exchange Server. It chains multiple exploits to achieve remote code execution (RCE) and includes functionality for shellcode injection and semi-interactive shell access.
This repository contains a functional Python script that exploits CVE-2021-26855 (ProxyLogon) to access and download emails from vulnerable Microsoft Exchange servers. The script uses crafted SOAP requests to interact with Exchange Web Services (EWS) and bypass authentication.
This repository contains a functional exploit for CVE-2021-26855, part of the ProxyLogon vulnerability chain in Microsoft Exchange Server. The PoC automates the exploitation process, including authentication bypass, arbitrary file write, and remote code execution via a crafted HTTP request chain.
This repository contains a functional exploit for CVE-2021-26855, a pre-authentication SSRF vulnerability in Microsoft Exchange Server leading to arbitrary file write and RCE. The exploit chain involves abusing the Autodiscover endpoint, MAPI over HTTP, and OAB manipulation to drop a webshell.
Nuclei Templates (1)
vuln:CVE-2021-26855 || http.favicon.hash:1768726119 || http.title:"outlook" || cpe:"cpe:2.3:a:microsoft:exchange_server"
title="outlook" || icon_hash=1768726119
References (6)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N