CVE-2021-27065
HIGH | KEV | RANSOMWARE
Microsoft Exchange Server - Remote Code Execution via ProxyLogon
Title source: llm
Exploitation Summary
CVE-2021-27065 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021, with confirmed use in ransomware campaigns.
EIP tracks 10 public exploits from researchers including testanull, adamrpostjr, Orange Tsai, and mekhalleh (RAMELLA Sébastien), among them the Metasploit module auxiliary/scanner/http/exchange_proxylogon.
AI-analyzed exploit summary: This exploit leverages CVE-2021-27065 (part of the ProxyLogon vulnerability chain) to achieve arbitrary file write on Microsoft Exchange Server via SSRF and authentication bypass. It writes a malicious ASPX shell to the server, enabling remote code execution.
Description
Microsoft Exchange Server Remote Code Execution Vulnerability
Exploits (10)
This exploit leverages CVE-2021-27065 (part of the ProxyLogon vulnerability chain) to achieve arbitrary file write on Microsoft Exchange Server via SSRF and authentication bypass. It writes a malicious ASPX shell to the server, enabling remote code execution.
This repository contains PowerShell scripts designed to detect indicators of compromise (IoCs) related to CVE-2021-27065, such as webshells, log entries, and potential exfiltration files. The scripts scan directories, logs, and Active Directory for suspicious patterns and export results to CSV files.
This Metasploit module scans for CVE-2021-26855, an authentication bypass vulnerability in Microsoft Exchange Server. It checks for the presence of the vulnerability by sending a crafted HTTP request and analyzing the response headers.
This Metasploit module exploits CVE-2021-26855 (ProxyLogon) to bypass authentication and achieve RCE on Microsoft Exchange Server by combining it with CVE-2021-27065 for arbitrary file write. It leverages SSRF and deserialization to execute commands via a crafted payload.
This repository contains a functional exploit for CVE-2021-27065, which is part of the ProxyLogon vulnerability chain affecting Microsoft Exchange Server. The exploit chains CVE-2021-26855 (SSRF) and CVE-2021-27065 (RCE) to achieve remote code execution by leveraging authentication bypass and arbitrary file write vulnerabilities.
This repository contains a functional exploit for CVE-2021-27065, which allows unauthenticated remote code execution on Microsoft Exchange servers. The exploit leverages the ProxyLogon vulnerability chain to inject a webshell into the OAB (Offline Address Book) virtual directory.
The repository contains minimal placeholder code (a basic PHP script and a Node.js server) with no functional exploit or technical details related to CVE-2021-27065. The README lacks depth and does not provide any meaningful analysis or PoC.
This repository contains a functional exploit for CVE-2021-27065, part of the ProxyLogon vulnerability chain affecting Microsoft Exchange Server. The exploit leverages NTLM relaying and crafted requests to achieve remote code execution (RCE) by writing a webshell to the server.
This repository contains a functional exploit for CVE-2021-27065, a ProxyLogon vulnerability in Microsoft Exchange Server. The exploit demonstrates a multi-stage SSRF attack to achieve remote code execution by leveraging authentication bypass and arbitrary file write vulnerabilities.
This repository contains a functional exploit for CVE-2021-27065, which chains SSRF and authentication bypass vulnerabilities in Microsoft Exchange Server to achieve remote code execution. The exploit automates the process of obtaining a session, uploading a webshell, and executing commands.
References (4)
Scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H