Jump to content

Title: A New Attack Surface on MS Exchange Part 3 - ProxyShell!

UKhackteam
UKhackteam
in Hacker Cracking / Penetration Testing / Cybersecurity

Featured Replies

Posted

preview

P.S. This is a cross-post blog from Zero Day Initiative (ZDI)

This is a guest post DEVCORE collaborated with Zero Day Initiative (ZDI) and published at their blog, which describes the exploit chain we demonstrated at Pwn2Own 2021! Please visit the following link to read that :)

FROM PWN2OWN 2021: A NEW ATTACK SURFACE ON MICROSOFT EXCHANGE - PROXYSHELL!

If you are interested in more Exchange Server attacks, please check the following articles:

A New Attack Surface on MS Exchange Part 1 - ProxyLogon!

A New Attack Surface on MS Exchange Part 2 - ProxyOracle!

A New Attack Surface on MS Exchange Part 3 - ProxyShell!

A New Attack Surface on MS Exchange Part 4 - ProxyRelay!

With ProxyShell, an unauthenticated attacker can execute arbitrary commands on Microsoft Exchange Server through an exposed 443 port! Here is the demonstration video:

  • Quote

    • Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Reply to this topic...
    Go to topic listing

    Important Information

    HackTeam Cookie PolicyWe have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.