A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).

Overview

proxylogscan

This tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855). By chaining this bug with another post-auth arbitrary-file-write vulnerability to get code execution (CVE-2021-27065). As a result, an unauthenticated attacker can execute arbitrary commands on Microsoft Exchange Server.

This vulnerability affects (Exchange 2013 Versions < 15.00.1497.012, Exchange 2016 CU18 < 15.01.2106.013, Exchange 2016 CU19 < 15.01.2176.009, Exchange 2019 CU7 < 15.02.0721.013, Exchange 2019 CU8 < 15.02.0792.010).

All components are vulnerable by default.

Installation

Go 1.13+ required.

$ go get dw1.io/proxylogscan

Or download pre-built binary at release page.

Usage

$ proxylogscan -h
Usage of proxylogscan:
  -m string
        Request method (default "GET")
  -p string
        Proxy URL (HTTP/SOCKSv5)
  -s    Silent mode (Only display vulnerable/suppress errors)
  -u string
        Target URL/list to scan

Examples

There are 3 ways to use this tool.

$ proxylogscan -u https://domain.tld
$ proxylogscan -u urls.txt
$ cat urls.txt | proxylogscan
$ subfinder -silent -d domain.tld | httpx -silent | proxylogscan

Supporting Materials

License

proxylogscan is distributed under MIT.

You might also like...
Discover and remediate Log4Shell vulnerability [CVE-2021-45105]

sakuraji_log4j This tool is used to discover and remedidate the Log4Shell vulnerability [CVE-2021-45105] by removing the 'JndiLookup.class' file from

Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS
Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS

log4j-scanner Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS. Example Usage Usage .\log4j-scanner.exe Terminal is used to output resul

A fast tool to scan CRLF vulnerability written in Go
A fast tool to scan CRLF vulnerability written in Go

CRLFuzz A fast tool to scan CRLF vulnerability written in Go Resources Installation from Binary from Source from GitHub Usage Basic Usage Flags Target

Go script for bypassing 403 forbidden
Go script for bypassing 403 forbidden

Bypass-403 Go script for bypassing 403 forbidden Update V1.1.0 🚀 Close response body of every request in order to avoid leak Add timeout to avoid slo

CVE-2021-26084 - Confluence Server Webwork OGNL injection (Pre-Auth RCE)

CVE-2021-26084 Proof of concept for CVE-2021-26084. Confluence Server Webwork OGNL injection (Pre-Auth RCE) Disclaimer This is for educational purpose

A small server for verifing if a given java program is succeptibel to CVE-2021-44228

CVE-2021-44228-Test-Server A small server for verifing if a given java program is succeptibel to CVE-2021-44228 Usage Build the program using go build

An easy-to-use XChaCha20-encryption wrapper for io.ReadWriteCloser (even lossy UDP) using ECDH key exchange algorithm, ED25519 signatures and Blake3+Poly1305 checksums/message-authentication for Go (golang). Also a multiplexer.

Quick start Prepare keys (on both sides): [ -f ~/.ssh/id_ed25519 ] && [ -f ~/.ssh/id_ed25519.pub ] || ssh-keygen -t ed25519 scp ~/.ssh/id_ed25519.pub

CVE-2021-21978 exp
CVE-2021-21978 exp

CVE-2021-21978 CVE-2021-21978 RCE exp 影响版本 VMware View Planner Harness 4.X 与 CVE-2021-21978 类似,该漏洞可以在未授权访问的情况下,上传任意文件,并通过修改自带 py 脚本实现远程代码执行。

Exploit for HiveNightmare - CVE-2021–36934

HiveNightmare this is a quick and dirty exploit for HiveNightmare (or SeriousSam) - CVE-2021–36934 This allows non administrator users to read the SAM

Comments
  • Unable to Install

    Unable to Install

    After running this command getting this Error

    ┌──(root💀kali)-[~] └─# go get dw1.io/proxylogscan 1 ⨯

    cd .; git clone -- https://github.com/kitabisa/mubeng/pkg/mubeng /root/go/src/ktbs.dev/mubeng/pkg/mubeng

    Cloning into '/root/go/src/ktbs.dev/mubeng/pkg/mubeng'... remote: Not Found fatal: repository 'https://github.com/kitabisa/mubeng/pkg/mubeng/' not found package ktbs.dev/mubeng/pkg/mubeng: exit status 128

    Please let me know the solution for the same

    opened by 007divyachawla 2
  •  socket: too many open files

    socket: too many open files

    Hello! [ERR] Get "XXX": dial tcp XXX: socket: too many open files Then Killed. Linux 4.19.0-14-amd64 #1 SMP Debian 4.19.171-2 (2021-01-30) x86_64 GNU/Linux go version go1.16.3 linux/amd64 ulimit -> unlimited

    opened by GH-Crypto 0
Owner
dw1
Bashturbation
dw1
CVE-2021-26855 exp

CVE-2021-26855 CVE-2021-26855 ssrf 简单利用 golang 练习 影响版本 Exchange Server 2013 小于 CU23 Exchange Server 2016 小于 CU18 Exchange Server 2019 小于 CU7 利用条件 该漏洞不

Justin Ryan 111 Sep 12, 2022
CVE-2021-26855 exp

CVE-2021-26855 CVE-2021-26855 ssrf 简单利用 golang 练习 影响版本 Exchange Server 2013 小于 CU23 Exchange Server 2016 小于 CU18 Exchange Server 2019 小于 CU7 利用条件 该漏洞不

Charlotte Zhang 111 Sep 12, 2022
A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157.

PewSWITCH A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157. Related blog: https://0xinfection.github.io/p

Pinaki 23 Jun 23, 2022
Poc-cve-2021-4034 - PoC for CVE-2021-4034 dubbed pwnkit

poc-cve-2021-4034 PoC for CVE-2021-4034 dubbed pwnkit Compile exploit.go go buil

Daniele Linguaglossa 97 Sep 12, 2022
CVE-2021-4034 - A Golang implementation of clubby789's implementation of CVE-2021-4034

CVE-2021-4034 January 25, 2022 | An00bRektn This is a golang implementation of C

Ryan S. 10 Feb 3, 2022
A minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2021-44228.

jndi-ldap-test-server This is a minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2

Rakuten Group, Inc. 9 Aug 6, 2022
Proof-of-Concept tool for CVE-2021-29156, an LDAP injection vulnerability in ForgeRock OpenAM v13.0.0.

CVE-2021-29156 Proof-of-Concept (c) 2021 GuidePoint Security Charlton Trezevant [email protected] Background Today GuidePoint

GuidePoint Security, LLC 2 Apr 13, 2022
Tool to check whether one of your applications is affected by a vulnerability in log4j: CVE-2021-44228

log4shell.tools log4shell.tools is a tool allows you to run a test to check whether one of your applications is affected by a vulnerability in log4j:

Alexander Bakker 62 Aug 18, 2022
Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability (CVE-2021-44228)

scan4log4shell Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability CVE-2021-4

Frank Hübner 12 Sep 17, 2022
Detect and fix log4j log4shell vulnerability (CVE-2021-44228)

log4fix This tool is to detect and fix the log4j log4shell vulnerability (CVE-2021-44228) by looking and removing the JndiLookup class from .jar/.war/

Nanitor 12 Sep 22, 2022