CVE-2021-42321

This PoC exploits CVE-2021-42321, a deserialization vulnerability in Microsoft Exchange Server, by sending a malicious SOAP request with a crafted gadget chain to achieve remote code execution (RCE). The exploit leverages the Exchange Web Services (EWS) endpoint to trigger the vulnerability.

This is a proof-of-concept exploit for CVE-2021-42321, a .NET deserialization vulnerability. It generates a malicious payload using the TypeConfuseDelegate gadget to achieve remote code execution by bypassing Windows Defender restrictions.

This repository contains a functional exploit for CVE-2018-8581, which targets Microsoft Exchange Server. The exploit leverages NTLM relaying to escalate privileges by adding a delegate to a target user's mailbox, allowing unauthorized access to emails.

This repository contains a functional Python exploit for CVE-2021-42321, a deserialization vulnerability in Microsoft Exchange Server. The PoC leverages crafted SOAP requests to manipulate user configurations and trigger remote code execution via a gadget chain.